diff --git a/404.html b/404.html index eece111..54f1e66 100644 --- a/404.html +++ b/404.html @@ -4,7 +4,7 @@ Page Not Found | MITRE ATT&CK Data Model - + diff --git a/assets/js/05907113.ca821053.js b/assets/js/05907113.4c2b4fbf.js similarity index 60% rename from assets/js/05907113.ca821053.js rename to assets/js/05907113.4c2b4fbf.js index 438180f..a6d01c0 100644 --- a/assets/js/05907113.ca821053.js +++ b/assets/js/05907113.4c2b4fbf.js 
@@ -1 +1 @@ -"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[77],{291:e=>{e.exports=JSON.parse('{"version":{"pluginId":"default","version":"current","label":"Next","banner":null,"badge":false,"noIndex":false,"className":"docs-version-current","isLast":true,"docsSidebars":{"tutorialSidebar":[{"type":"link","label":"Overview","href":"/attack-data-model/docs/overview","docId":"overview","unlisted":false},{"type":"category","label":"STIX Domain Objects","items":[{"type":"link","label":"Asset Schema","href":"/attack-data-model/docs/sdo/asset.schema","docId":"sdo/asset.schema","unlisted":false},{"type":"link","label":"Campaign Schema","href":"/attack-data-model/docs/sdo/campaign.schema","docId":"sdo/campaign.schema","unlisted":false},{"type":"link","label":"Collection Schema","href":"/attack-data-model/docs/sdo/collection.schema","docId":"sdo/collection.schema","unlisted":false},{"type":"link","label":"Data component Schema","href":"/attack-data-model/docs/sdo/data-component.schema","docId":"sdo/data-component.schema","unlisted":false},{"type":"link","label":"Data source Schema","href":"/attack-data-model/docs/sdo/data-source.schema","docId":"sdo/data-source.schema","unlisted":false},{"type":"link","label":"Group Schema","href":"/attack-data-model/docs/sdo/group.schema","docId":"sdo/group.schema","unlisted":false},{"type":"link","label":"Identity Schema","href":"/attack-data-model/docs/sdo/identity.schema","docId":"sdo/identity.schema","unlisted":false},{"type":"link","label":"Malware Schema","href":"/attack-data-model/docs/sdo/malware.schema","docId":"sdo/malware.schema","unlisted":false},{"type":"link","label":"Matrix Schema","href":"/attack-data-model/docs/sdo/matrix.schema","docId":"sdo/matrix.schema","unlisted":false},{"type":"link","label":"Mitigation Schema","href":"/attack-data-model/docs/sdo/mitigation.schema","docId":"sdo/mitigation.schema","unlisted":false},{"type":"link","label":"Software 
Schema","href":"/attack-data-model/docs/sdo/software.schema","docId":"sdo/software.schema","unlisted":false},{"type":"link","label":"Tactic Schema","href":"/attack-data-model/docs/sdo/tactic.schema","docId":"sdo/tactic.schema","unlisted":false},{"type":"link","label":"Technique Schema","href":"/attack-data-model/docs/sdo/technique.schema","docId":"sdo/technique.schema","unlisted":false},{"type":"link","label":"Tool Schema","href":"/attack-data-model/docs/sdo/tool.schema","docId":"sdo/tool.schema","unlisted":false}],"collapsed":true,"collapsible":true},{"type":"category","label":"STIX Relationship Objects","items":[{"type":"link","label":"Relationship Schema","href":"/attack-data-model/docs/sro/relationship.schema","docId":"sro/relationship.schema","unlisted":false}],"collapsed":true,"collapsible":true},{"type":"category","label":"STIX Meta Objects","items":[{"type":"link","label":"Marking definition Schema","href":"/attack-data-model/docs/smo/marking-definition.schema","docId":"smo/marking-definition.schema","unlisted":false}],"collapsed":true,"collapsible":true}]},"docs":{"overview":{"id":"overview","title":"Overview","description":"// automate the overview summary here","sidebar":"tutorialSidebar"},"sdo/asset.schema":{"id":"sdo/asset.schema","title":"Asset Schema","description":"","sidebar":"tutorialSidebar"},"sdo/campaign.schema":{"id":"sdo/campaign.schema","title":"Campaign Schema","description":"","sidebar":"tutorialSidebar"},"sdo/collection.schema":{"id":"sdo/collection.schema","title":"Collection Schema","description":"","sidebar":"tutorialSidebar"},"sdo/data-component.schema":{"id":"sdo/data-component.schema","title":"Data component Schema","description":"","sidebar":"tutorialSidebar"},"sdo/data-source.schema":{"id":"sdo/data-source.schema","title":"Data source Schema","description":"","sidebar":"tutorialSidebar"},"sdo/group.schema":{"id":"sdo/group.schema","title":"Group 
Schema","description":"","sidebar":"tutorialSidebar"},"sdo/identity.schema":{"id":"sdo/identity.schema","title":"Identity Schema","description":"","sidebar":"tutorialSidebar"},"sdo/malware.schema":{"id":"sdo/malware.schema","title":"Malware Schema","description":"","sidebar":"tutorialSidebar"},"sdo/matrix.schema":{"id":"sdo/matrix.schema","title":"Matrix Schema","description":"","sidebar":"tutorialSidebar"},"sdo/mitigation.schema":{"id":"sdo/mitigation.schema","title":"Mitigation Schema","description":"","sidebar":"tutorialSidebar"},"sdo/software.schema":{"id":"sdo/software.schema","title":"Software Schema","description":"","sidebar":"tutorialSidebar"},"sdo/tactic.schema":{"id":"sdo/tactic.schema","title":"Tactic Schema","description":"","sidebar":"tutorialSidebar"},"sdo/technique.schema":{"id":"sdo/technique.schema","title":"Technique Schema","description":"","sidebar":"tutorialSidebar"},"sdo/tool.schema":{"id":"sdo/tool.schema","title":"Tool Schema","description":"","sidebar":"tutorialSidebar"},"smo/marking-definition.schema":{"id":"smo/marking-definition.schema","title":"Marking definition Schema","description":"","sidebar":"tutorialSidebar"},"sro/relationship.schema":{"id":"sro/relationship.schema","title":"Relationship Schema","description":"","sidebar":"tutorialSidebar"}}}}')}}]); \ No newline at end of file +"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[77],{291:e=>{e.exports=JSON.parse('{"version":{"pluginId":"default","version":"current","label":"Next","banner":null,"badge":false,"noIndex":false,"className":"docs-version-current","isLast":true,"docsSidebars":{"tutorialSidebar":[{"type":"link","label":"Overview","href":"/attack-data-model/docs/overview","docId":"overview","unlisted":false},{"type":"category","label":"STIX Domain Objects","items":[{"type":"link","label":"Asset Schema","href":"/attack-data-model/docs/sdo/asset.schema","docId":"sdo/asset.schema","unlisted":false},{"type":"link","label":"Campaign 
Schema","href":"/attack-data-model/docs/sdo/campaign.schema","docId":"sdo/campaign.schema","unlisted":false},{"type":"link","label":"Collection Schema","href":"/attack-data-model/docs/sdo/collection.schema","docId":"sdo/collection.schema","unlisted":false},{"type":"link","label":"Data component Schema","href":"/attack-data-model/docs/sdo/data-component.schema","docId":"sdo/data-component.schema","unlisted":false},{"type":"link","label":"Data source Schema","href":"/attack-data-model/docs/sdo/data-source.schema","docId":"sdo/data-source.schema","unlisted":false},{"type":"link","label":"Group Schema","href":"/attack-data-model/docs/sdo/group.schema","docId":"sdo/group.schema","unlisted":false},{"type":"link","label":"Identity Schema","href":"/attack-data-model/docs/sdo/identity.schema","docId":"sdo/identity.schema","unlisted":false},{"type":"link","label":"Malware Schema","href":"/attack-data-model/docs/sdo/malware.schema","docId":"sdo/malware.schema","unlisted":false},{"type":"link","label":"Matrix Schema","href":"/attack-data-model/docs/sdo/matrix.schema","docId":"sdo/matrix.schema","unlisted":false},{"type":"link","label":"Mitigation Schema","href":"/attack-data-model/docs/sdo/mitigation.schema","docId":"sdo/mitigation.schema","unlisted":false},{"type":"link","label":"Software Schema","href":"/attack-data-model/docs/sdo/software.schema","docId":"sdo/software.schema","unlisted":false},{"type":"link","label":"Tactic Schema","href":"/attack-data-model/docs/sdo/tactic.schema","docId":"sdo/tactic.schema","unlisted":false},{"type":"link","label":"Technique Schema","href":"/attack-data-model/docs/sdo/technique.schema","docId":"sdo/technique.schema","unlisted":false},{"type":"link","label":"Tool Schema","href":"/attack-data-model/docs/sdo/tool.schema","docId":"sdo/tool.schema","unlisted":false}],"collapsed":true,"collapsible":true},{"type":"category","label":"STIX Relationship Objects","items":[{"type":"link","label":"Relationship 
Schema","href":"/attack-data-model/docs/sro/relationship.schema","docId":"sro/relationship.schema","unlisted":false}],"collapsed":true,"collapsible":true},{"type":"category","label":"STIX Meta Objects","items":[{"type":"link","label":"Marking definition Schema","href":"/attack-data-model/docs/smo/marking-definition.schema","docId":"smo/marking-definition.schema","unlisted":false}],"collapsed":true,"collapsible":true}]},"docs":{"overview":{"id":"overview","title":"Overview","description":"// automate the overview summary here","sidebar":"tutorialSidebar"},"sdo/asset.schema":{"id":"sdo/asset.schema","title":"Asset Schema","description":"Asset","sidebar":"tutorialSidebar"},"sdo/campaign.schema":{"id":"sdo/campaign.schema","title":"Campaign Schema","description":"Campaign","sidebar":"tutorialSidebar"},"sdo/collection.schema":{"id":"sdo/collection.schema","title":"Collection Schema","description":"Collection","sidebar":"tutorialSidebar"},"sdo/data-component.schema":{"id":"sdo/data-component.schema","title":"Data component Schema","description":"DataComponent","sidebar":"tutorialSidebar"},"sdo/data-source.schema":{"id":"sdo/data-source.schema","title":"Data source Schema","description":"DataSource","sidebar":"tutorialSidebar"},"sdo/group.schema":{"id":"sdo/group.schema","title":"Group Schema","description":"Group","sidebar":"tutorialSidebar"},"sdo/identity.schema":{"id":"sdo/identity.schema","title":"Identity Schema","description":"Identity","sidebar":"tutorialSidebar"},"sdo/malware.schema":{"id":"sdo/malware.schema","title":"Malware Schema","description":"Malware","sidebar":"tutorialSidebar"},"sdo/matrix.schema":{"id":"sdo/matrix.schema","title":"Matrix Schema","description":"Matrix","sidebar":"tutorialSidebar"},"sdo/mitigation.schema":{"id":"sdo/mitigation.schema","title":"Mitigation Schema","description":"Mitigation","sidebar":"tutorialSidebar"},"sdo/software.schema":{"id":"sdo/software.schema","title":"Software 
Schema","description":"Software","sidebar":"tutorialSidebar"},"sdo/tactic.schema":{"id":"sdo/tactic.schema","title":"Tactic Schema","description":"Tactic","sidebar":"tutorialSidebar"},"sdo/technique.schema":{"id":"sdo/technique.schema","title":"Technique Schema","description":"Technique","sidebar":"tutorialSidebar"},"sdo/tool.schema":{"id":"sdo/tool.schema","title":"Tool Schema","description":"Tool","sidebar":"tutorialSidebar"},"smo/marking-definition.schema":{"id":"smo/marking-definition.schema","title":"Marking definition Schema","description":"BaseMarkingDefinition","sidebar":"tutorialSidebar"},"sro/relationship.schema":{"id":"sro/relationship.schema","title":"Relationship Schema","description":"Relationship","sidebar":"tutorialSidebar"}}}}')}}]); \ No newline at end of file diff --git a/assets/js/12a2b8d0.f2a0a6bf.js b/assets/js/12a2b8d0.f2a0a6bf.js deleted file mode 100644 index c9b017d..0000000 --- a/assets/js/12a2b8d0.f2a0a6bf.js +++ /dev/null 
@@ -1 +0,0 @@ -"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[765],{3231:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>a,default:()=>h,frontMatter:()=>s,metadata:()=>r,toc:()=>u});var c=n(4848),o=n(8453);const s={},a="Technique Schema",r={id:"sdo/technique.schema",title:"Technique Schema",description:"",source:"@site/docs/sdo/technique.schema.md",sourceDirName:"sdo",slug:"/sdo/technique.schema",permalink:"/attack-data-model/docs/sdo/technique.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Tactic Schema",permalink:"/attack-data-model/docs/sdo/tactic.schema"},next:{title:"Tool Schema",permalink:"/attack-data-model/docs/sdo/tool.schema"}},i={},u=[];function d(e){const t={h1:"h1",header:"header",...(0,o.R)(),...e.components};return(0,c.jsx)(t.header,{children:(0,c.jsx)(t.h1,{id:"technique-schema",children:"Technique Schema"})})}function h(e={}){const{wrapper:t}={...(0,o.R)(),...e.components};return t?(0,c.jsx)(t,{...e,children:(0,c.jsx)(d,{...e})}):d(e)}},8453:(e,t,n)=>{n.d(t,{R:()=>a,x:()=>r});var c=n(6540);const o={},s=c.createContext(o);function a(e){const t=c.useContext(s);return c.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function r(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(o):e.components||o:a(e.components),c.createElement(s.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/12a2b8d0.f977506c.js b/assets/js/12a2b8d0.f977506c.js new file mode 100644 index 0000000..0c57ada --- /dev/null +++ b/assets/js/12a2b8d0.f977506c.js 
@@ -0,0 +1 @@ +"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[765],{3231:(e,t,i)=>{i.r(t),i.d(t,{assets:()=>c,contentTitle:()=>l,default:()=>x,frontMatter:()=>n,metadata:()=>d,toc:()=>o});var s=i(4848),r=i(8453);const n={},l="Technique Schema",d={id:"sdo/technique.schema",title:"Technique Schema",description:"Technique",source:"@site/docs/sdo/technique.schema.md",sourceDirName:"sdo",slug:"/sdo/technique.schema",permalink:"/attack-data-model/docs/sdo/technique.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Tactic Schema",permalink:"/attack-data-model/docs/sdo/tactic.schema"},next:{title:"Tool Schema",permalink:"/attack-data-model/docs/sdo/tool.schema"}},c={},o=[{value:"Technique",id:"technique",level:2},{value:"XMitreDataSource",id:"xmitredatasource",level:2},{value:"XMitreDataSources",id:"xmitredatasources",level:2},{value:"XMitreDefenseBypasses",id:"xmitredefensebypasses",level:2},{value:"XMitreDetection",id:"xmitredetection",level:2},{value:"XMitreEffectivePermissions",id:"xmitreeffectivepermissions",level:2},{value:"XMitreIsSubtechnique",id:"xmitreissubtechnique",level:2},{value:"XMitrePermissionsRequired",id:"xmitrepermissionsrequired",level:2},{value:"XMitreRemoteSupport",id:"xmitreremotesupport",level:2},{value:"XMitreSystemRequirements",id:"xmitresystemrequirements",level:2},{value:"XMitreTacticType",id:"xmitretactictype",level:2}];function h(e){const t={a:"a",code:"code",em:"em",h1:"h1",h2:"h2",header:"header",p:"p",strong:"strong",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",...(0,r.R)(),...e.components};return(0,s.jsxs)(s.Fragment,{children:[(0,s.jsx)(t.header,{children:(0,s.jsx)(t.h1,{id:"technique-schema",children:"Technique Schema"})}),"\n",(0,s.jsx)(t.h2,{id:"technique",children:"Technique"}),"\n",(0,s.jsx)(t.p,{children:(0,s.jsx)(t.em,{children:"Object containing the following 
properties:"})}),"\n",(0,s.jsxs)(t.table,{children:[(0,s.jsx)(t.thead,{children:(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.th,{style:{textAlign:"left"},children:"Property"}),(0,s.jsx)(t.th,{style:{textAlign:"left"},children:"Description"}),(0,s.jsx)(t.th,{style:{textAlign:"left"},children:"Type"})]})}),(0,s.jsxs)(t.tbody,{children:[(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"id"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"}}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"any"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"type"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"}}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"'attack-pattern'"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"spec_version"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the STIX specification used to represent this object."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"'2.0' | '2.1'"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"created"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The created property represents the time at which the first version of this object was created. 
The timstamp value MUST be precise to the nearest millisecond."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"any"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"modified"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest millisecond."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"any"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"created_by_ref"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. 
This may be used by object creators who wish to remain anonymous."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"any"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"labels"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The labels property specifies a set of terms used to describe this object."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"Array"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"revoked"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The revoked property indicates whether the object has been revoked."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"boolean"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"confidence"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"}}),(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.code,{children:"number"})," (",(0,s.jsx)(t.em,{children:"int, \u22651, \u226499"}),")"]})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"lang"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"Identifies the language of the text content in this object."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"string"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"external_references"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"A list of external references which refers to non-STIX information."}),(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.em,{children:"Array of at least 1 objects:"}),(0,s.jsx)("br",{}),(0,s.jsxs)("ul",{children:[(0,s.jsxs)("li",{children:[(0,s.jsx)(t.code,{children:"source_name"}),": 
",(0,s.jsx)(t.code,{children:"string"})]}),(0,s.jsxs)("li",{children:[(0,s.jsx)(t.code,{children:"description"}),": ",(0,s.jsx)(t.code,{children:"string"})]}),(0,s.jsxs)("li",{children:[(0,s.jsx)(t.code,{children:"url"}),": ",(0,s.jsx)(t.code,{children:"string"})," (",(0,s.jsx)(t.em,{children:"url"}),")"]}),(0,s.jsxs)("li",{children:[(0,s.jsx)(t.code,{children:"external_id"}),": ",(0,s.jsx)(t.code,{children:"string"})]})]})]})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"object_marking_refs"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The list of marking-definition objects to be applied to this object."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"Array"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"granular_markings"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The set of granular markings that apply to this object."}),(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.em,{children:"Array of objects:"}),(0,s.jsx)("br",{}),(0,s.jsxs)("ul",{children:[(0,s.jsxs)("li",{children:[(0,s.jsx)(t.code,{children:"marking_ref"}),": ",(0,s.jsx)(t.code,{children:"any"})," - Represents identifiers across the CTI specifications. 
The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4."]}),(0,s.jsxs)("li",{children:[(0,s.jsx)(t.code,{children:"selectors"}),": ",(0,s.jsx)(t.code,{children:"Array"})]})]})]})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"extensions"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"Specifies any extensions of the object, as a dictionary."}),(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,s.jsx)(t.code,{children:"string"})," ",(0,s.jsx)(t.em,{children:"and values of type"})," ",(0,s.jsx)(t.em,{children:"Object with properties:"}),(0,s.jsxs)("ul",{children:[(0,s.jsxs)("li",{children:[(0,s.jsx)(t.code,{children:"extension_type"}),": ",(0,s.jsx)(t.code,{children:"string"})]}),(0,s.jsxs)("li",{children:[(0,s.jsx)(t.code,{children:"extension_properties"}),": ",(0,s.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,s.jsx)(t.code,{children:"string"})," ",(0,s.jsx)(t.em,{children:"and values of type"})," ",(0,s.jsx)(t.code,{children:"unknown"})," (",(0,s.jsx)(t.em,{children:"optional & nullable"}),")"]})]})," ",(0,s.jsx)(t.em,{children:"or"})," ",(0,s.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,s.jsx)(t.code,{children:"string"})," ",(0,s.jsx)(t.em,{children:"and values of type"})," ",(0,s.jsx)(t.code,{children:"unknown"})," (",(0,s.jsx)(t.em,{children:"optional & nullable"}),")"]})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"name"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The name of the object."}),(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.code,{children:"string"})," (",(0,s.jsx)(t.em,{children:"min length: 
1"}),")"]})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"x_mitre_attack_spec_version"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"string"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"x_mitre_version"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. 
This property does not apply to relationship objects."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"any"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"x_mitre_old_attack_id"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"Old ATT&CK IDs that may have been associated with this object"}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"string"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"x_mitre_deprecated"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"Indicates whether the object has been deprecated."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"boolean"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"kill_chain_phases"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"}}),(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.em,{children:"Array of objects:"}),(0,s.jsx)("br",{}),(0,s.jsxs)("ul",{children:[(0,s.jsxs)("li",{children:[(0,s.jsx)(t.code,{children:"phase_name"}),": ",(0,s.jsx)(t.code,{children:"string"})]}),(0,s.jsxs)("li",{children:[(0,s.jsx)(t.code,{children:"kill_chain_name"}),": ",(0,s.jsx)(t.code,{children:"'mitre-attack' | 'mitre-mobile-attack' | 'mitre-ics-attack'"})]})]})]})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"description"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"A description of the object."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"string"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"x_mitre_platforms"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"List of platforms that apply to the 
object."}),(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.code,{children:"Array<'Field Controller/RTU/PLC/IED' | 'Network' | 'Data Historian' | 'Google Workspace' | 'Office 365' | 'Containers' | 'Azure AD' | 'Engineering Workstation' | 'Control Server' | 'Human-Machine Interface' | 'Windows' | 'Linux' | 'IaaS' | 'None' | 'iOS' | 'PRE' | 'SaaS' | 'Input/Output Server' | 'macOS' | 'Android' | ...>"})," (",(0,s.jsx)(t.em,{children:"min: 1"}),")"]})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"x_mitre_detection"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"Strategies for identifying if a technique has been used by an adversary."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.a,{href:"#xmitredetection",children:"XMitreDetection"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"x_mitre_is_subtechnique"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"If true, this attack-pattern is a sub-technique."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.a,{href:"#xmitreissubtechnique",children:"XMitreIsSubtechnique"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"x_mitre_data_sources"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"Sources of information that may be used to identify the action or result of the action being performed."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.a,{href:"#xmitredatasources",children:"XMitreDataSources"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"x_mitre_defense_bypassed"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"List of defensive tools, methodologies, or processes the technique can 
bypass."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.a,{href:"#xmitredefensebypasses",children:"XMitreDefenseBypasses"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"x_mitre_contributors"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"People and organizations who have contributed to the object. Not found on relationship objects."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"Array"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"x_mitre_permissions_required"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The lowest level of permissions the adversary is required to be operating within to perform the technique on a system."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.a,{href:"#xmitrepermissionsrequired",children:"XMitrePermissionsRequired"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"x_mitre_remote_support"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"If true, the technique can be used to execute something on a remote system."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.a,{href:"#xmitreremotesupport",children:"XMitreRemoteSupport"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"x_mitre_system_requirements"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"Additional information on requirements the adversary needs to meet or about the state of the system (software, patch level, etc.) 
that may be required for the technique to work."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.a,{href:"#xmitresystemrequirements",children:"XMitreSystemRequirements"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"x_mitre_impact_type"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"Denotes if the technique can be used for integrity or availability attacks."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"Array<'Availability' | 'Integrity'>"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"x_mitre_effective_permissions"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The level of permissions the adversary will attain by performing the technique."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.a,{href:"#xmitreeffectivepermissions",children:"XMitreEffectivePermissions"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"x_mitre_network_requirements"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"}}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"boolean"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"x_mitre_tactic_type"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:'"Post-Adversary Device Access", "Pre-Adversary Device Access", or "Without Adversary Device Access".'}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.a,{href:"#xmitretactictype",children:"XMitreTacticType"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"x_mitre_domains"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The technology domains to which the ATT&CK object 
belongs."}),(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.code,{children:"Array<'enterprise-attack' | 'mobile-attack' | 'ics-attack'>"})," (",(0,s.jsx)(t.em,{children:"min: 1"}),")"]})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"x_mitre_modified_by_ref"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"any"})})]})]})]}),"\n",(0,s.jsx)(t.p,{children:(0,s.jsx)(t.em,{children:"(*) Required."})}),"\n",(0,s.jsx)(t.h2,{id:"xmitredatasource",children:"XMitreDataSource"}),"\n",(0,s.jsx)(t.p,{children:"A single data source in the format 'Data Source Name: Data Component Name'."}),"\n",(0,s.jsx)(t.p,{children:(0,s.jsx)(t.em,{children:"Any type."})}),"\n",(0,s.jsx)(t.h2,{id:"xmitredatasources",children:"XMitreDataSources"}),"\n",(0,s.jsx)(t.p,{children:"Sources of information that may be used to identify the action or result of the action being performed."}),"\n",(0,s.jsx)(t.p,{children:(0,s.jsxs)(t.em,{children:["Array of ",(0,s.jsx)(t.a,{href:"#xmitredatasource",children:"XMitreDataSource"})," items."]})}),"\n",(0,s.jsx)(t.h2,{id:"xmitredefensebypasses",children:"XMitreDefenseBypasses"}),"\n",(0,s.jsx)(t.p,{children:"List of defensive tools, methodologies, or processes the technique can bypass."}),"\n",(0,s.jsx)(t.p,{children:(0,s.jsxs)(t.em,{children:["Array of at least 1 ",(0,s.jsx)(t.code,{children:"'Signature-based detection' | 'Multi-Factor Authentication' | 'Network Intrusion Detection System' | 'Application Control' | 'Host forensic analysis' | 'Exploit Prevention' | 'Signature-based Detection' | 'Data Execution Prevention' | 'Heuristic Detection' | 'File system access 
controls' | 'File Monitoring' | 'Digital Certificate Validation' | 'Logon Credentials' | 'Firewall' | 'Host Forensic Analysis' | 'Static File Analysis' | 'Heuristic detection' | 'Notarization' | 'System access controls' | 'Binary Analysis' | ..."})," items."]})}),"\n",(0,s.jsx)(t.h2,{id:"xmitredetection",children:"XMitreDetection"}),"\n",(0,s.jsx)(t.p,{children:"Strategies for identifying if a technique has been used by an adversary."}),"\n",(0,s.jsx)(t.p,{children:(0,s.jsx)(t.em,{children:"String."})}),"\n",(0,s.jsx)(t.h2,{id:"xmitreeffectivepermissions",children:"XMitreEffectivePermissions"}),"\n",(0,s.jsx)(t.p,{children:"The level of permissions the adversary will attain by performing the technique."}),"\n",(0,s.jsx)(t.p,{children:(0,s.jsxs)(t.em,{children:["Array of at least 1 ",(0,s.jsx)(t.code,{children:"'Administrator' | 'SYSTEM' | 'User' | 'root'"})," items."]})}),"\n",(0,s.jsx)(t.h2,{id:"xmitreissubtechnique",children:"XMitreIsSubtechnique"}),"\n",(0,s.jsx)(t.p,{children:"If true, this attack-pattern is a sub-technique."}),"\n",(0,s.jsx)(t.p,{children:(0,s.jsx)(t.em,{children:"Boolean."})}),"\n",(0,s.jsx)(t.h2,{id:"xmitrepermissionsrequired",children:"XMitrePermissionsRequired"}),"\n",(0,s.jsx)(t.p,{children:"The lowest level of permissions the adversary is required to be operating within to perform the technique on a system."}),"\n",(0,s.jsx)(t.p,{children:(0,s.jsxs)(t.em,{children:["Array of at least 1 ",(0,s.jsx)(t.code,{children:"'Remote Desktop Users' | 'SYSTEM' | 'Administrator' | 'root' | 'User'"})," items."]})}),"\n",(0,s.jsx)(t.h2,{id:"xmitreremotesupport",children:"XMitreRemoteSupport"}),"\n",(0,s.jsx)(t.p,{children:"If true, the technique can be used to execute something on a remote system."}),"\n",(0,s.jsx)(t.p,{children:(0,s.jsx)(t.em,{children:"Boolean."})}),"\n",(0,s.jsx)(t.h2,{id:"xmitresystemrequirements",children:"XMitreSystemRequirements"}),"\n",(0,s.jsx)(t.p,{children:"Additional information on requirements the adversary needs to meet 
or about the state of the system (software, patch level, etc.) that may be required for the technique to work."}),"\n",(0,s.jsx)(t.p,{children:(0,s.jsxs)(t.em,{children:["Array of ",(0,s.jsx)(t.code,{children:"string"})," items."]})}),"\n",(0,s.jsx)(t.h2,{id:"xmitretactictype",children:"XMitreTacticType"}),"\n",(0,s.jsx)(t.p,{children:'"Post-Adversary Device Access", "Pre-Adversary Device Access", or "Without Adversary Device Access".'}),"\n",(0,s.jsx)(t.p,{children:(0,s.jsxs)(t.em,{children:["Array of ",(0,s.jsx)(t.code,{children:"'Post-Adversary Device Access' | 'Pre-Adversary Device Access' | 'Without Adversary Device Access'"})," items."]})})]})}function x(e={}){const{wrapper:t}={...(0,r.R)(),...e.components};return t?(0,s.jsx)(t,{...e,children:(0,s.jsx)(h,{...e})}):h(e)}},8453:(e,t,i)=>{i.d(t,{R:()=>l,x:()=>d});var s=i(6540);const r={},n=s.createContext(r);function l(e){const t=s.useContext(n);return s.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function d(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(r):e.components||r:l(e.components),s.createElement(n.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/168a7715.32be5472.js b/assets/js/168a7715.32be5472.js new file mode 100644 index 0000000..30c2819 --- /dev/null +++ b/assets/js/168a7715.32be5472.js 
@@ -0,0 +1 @@ +"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[775],{3860:(e,t,s)=>{s.r(t),s.d(t,{assets:()=>c,contentTitle:()=>r,default:()=>x,frontMatter:()=>n,metadata:()=>d,toc:()=>h});var l=s(4848),i=s(8453);const n={},r="Malware Schema",d={id:"sdo/malware.schema",title:"Malware Schema",description:"Malware",source:"@site/docs/sdo/malware.schema.md",sourceDirName:"sdo",slug:"/sdo/malware.schema",permalink:"/attack-data-model/docs/sdo/malware.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Identity Schema",permalink:"/attack-data-model/docs/sdo/identity.schema"},next:{title:"Matrix Schema",permalink:"/attack-data-model/docs/sdo/matrix.schema"}},c={},h=[{value:"Malware",id:"malware",level:2},{value:"StixArtifactType",id:"stixartifacttype",level:2},{value:"StixFileType",id:"stixfiletype",level:2}];function o(e){const t={code:"code",em:"em",h1:"h1",h2:"h2",header:"header",p:"p",strong:"strong",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",...(0,i.R)(),...e.components};return(0,l.jsxs)(l.Fragment,{children:[(0,l.jsx)(t.header,{children:(0,l.jsx)(t.h1,{id:"malware-schema",children:"Malware Schema"})}),"\n",(0,l.jsx)(t.h2,{id:"malware",children:"Malware"}),"\n",(0,l.jsx)(t.p,{children:(0,l.jsx)(t.em,{children:"Object containing the following properties:"})}),"\n",(0,l.jsxs)(t.table,{children:[(0,l.jsx)(t.thead,{children:(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.th,{style:{textAlign:"left"},children:"Property"}),(0,l.jsx)(t.th,{style:{textAlign:"left"},children:"Description"}),(0,l.jsx)(t.th,{style:{textAlign:"left"},children:"Type"})]})}),(0,l.jsxs)(t.tbody,{children:[(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"id"})})," 
(*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"}}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"any"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"type"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"}}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"'malware'"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"spec_version"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the STIX specification used to represent this object."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"'2.0' | '2.1'"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"created"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"any"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"modified"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The modified property represents the time that this particular version of the object was modified. 
The timstamp value MUST be precise to the nearest millisecond."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"any"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"created_by_ref"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The ID of the Source object that describes who created this object."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"any"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"labels"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The labels property specifies a set of terms used to describe this object."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"Array"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"revoked"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The revoked property indicates whether the object has been revoked."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"boolean"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"confidence"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"}}),(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.code,{children:"number"})," (",(0,l.jsx)(t.em,{children:"int, \u22651, \u226499"}),")"]})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"lang"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"Identifies the language of the text content in this 
object."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"string"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"external_references"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"A list of external references which refers to non-STIX information."}),(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.em,{children:"Array of at least 1 objects:"}),(0,l.jsx)("br",{}),(0,l.jsxs)("ul",{children:[(0,l.jsxs)("li",{children:[(0,l.jsx)(t.code,{children:"source_name"}),": ",(0,l.jsx)(t.code,{children:"string"})]}),(0,l.jsxs)("li",{children:[(0,l.jsx)(t.code,{children:"description"}),": ",(0,l.jsx)(t.code,{children:"string"})]}),(0,l.jsxs)("li",{children:[(0,l.jsx)(t.code,{children:"url"}),": ",(0,l.jsx)(t.code,{children:"string"})," (",(0,l.jsx)(t.em,{children:"url"}),")"]}),(0,l.jsxs)("li",{children:[(0,l.jsx)(t.code,{children:"external_id"}),": ",(0,l.jsx)(t.code,{children:"string"})]})]})]})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"object_marking_refs"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The list of marking-definition objects to be applied to this object."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"Array"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"granular_markings"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The set of granular markings that apply to this object."}),(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.em,{children:"Array of objects:"}),(0,l.jsx)("br",{}),(0,l.jsxs)("ul",{children:[(0,l.jsxs)("li",{children:[(0,l.jsx)(t.code,{children:"marking_ref"}),": ",(0,l.jsx)(t.code,{children:"any"})," - Represents identifiers across the CTI specifications. 
The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4."]}),(0,l.jsxs)("li",{children:[(0,l.jsx)(t.code,{children:"selectors"}),": ",(0,l.jsx)(t.code,{children:"Array"})]})]})]})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"extensions"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"Specifies any extensions of the object, as a dictionary."}),(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,l.jsx)(t.code,{children:"string"})," ",(0,l.jsx)(t.em,{children:"and values of type"})," ",(0,l.jsx)(t.em,{children:"Object with properties:"}),(0,l.jsxs)("ul",{children:[(0,l.jsxs)("li",{children:[(0,l.jsx)(t.code,{children:"extension_type"}),": ",(0,l.jsx)(t.code,{children:"string"})]}),(0,l.jsxs)("li",{children:[(0,l.jsx)(t.code,{children:"extension_properties"}),": ",(0,l.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,l.jsx)(t.code,{children:"string"})," ",(0,l.jsx)(t.em,{children:"and values of type"})," ",(0,l.jsx)(t.code,{children:"unknown"})," (",(0,l.jsx)(t.em,{children:"optional & nullable"}),")"]})]})," ",(0,l.jsx)(t.em,{children:"or"})," ",(0,l.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,l.jsx)(t.code,{children:"string"})," ",(0,l.jsx)(t.em,{children:"and values of type"})," ",(0,l.jsx)(t.code,{children:"unknown"})," (",(0,l.jsx)(t.em,{children:"optional & nullable"}),")"]})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"name"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The name of the object."}),(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.code,{children:"string"})," (",(0,l.jsx)(t.em,{children:"min length: 
1"}),")"]})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"x_mitre_attack_spec_version"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"string"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"x_mitre_version"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. 
This property does not apply to relationship objects."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"any"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"x_mitre_old_attack_id"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"Old ATT&CK IDs that may have been associated with this object"}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"string"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"x_mitre_deprecated"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"Indicates whether the object has been deprecated."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"boolean"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"description"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"A description of the object."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"string"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"x_mitre_platforms"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"List of platforms that apply to the object."}),(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.code,{children:"Array<'Field Controller/RTU/PLC/IED' | 'Network' | 'Data Historian' | 'Google Workspace' | 'Office 365' | 'Containers' | 'Azure AD' | 'Engineering Workstation' | 'Control Server' | 'Human-Machine Interface' | 'Windows' | 'Linux' | 'IaaS' | 'None' | 'iOS' | 'PRE' | 'SaaS' | 'Input/Output Server' | 'macOS' | 'Android' | ...>"})," (",(0,l.jsx)(t.em,{children:"min: 
1"}),")"]})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"x_mitre_contributors"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"}}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"Array"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"x_mitre_aliases"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"Alternative names used to identify this software. The first alias must match the object's name."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"Array"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"x_mitre_modified_by_ref"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. 
Previous versions of the object may have been created by other individuals or organizations."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"any"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"x_mitre_domains"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The technology domains to which the ATT&CK object belongs."}),(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.code,{children:"Array<'enterprise-attack' | 'mobile-attack' | 'ics-attack'>"})," (",(0,l.jsx)(t.em,{children:"min: 1"}),")"]})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"aliases"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"Alternative names used to identify this software."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"Array"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"is_family"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"Whether the object represents a malware family (if true) or a malware instance (if false)"}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"boolean"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"malware_types"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"A set of categorizations for the malware being described."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"Array<'adware' | 'backdoor' | 'bot' | 'bootkit' | 'ddos' | 'downloader' | 'dropper' | 'exploit-kit' | 'keylogger' | 'ransomware' | 'remote-access-trojan' | 'resource-exploitation' | 'rogue-security-software' | 'rootkit' | 'screen-capture' | 'spyware' | 'trojan' | 'virus' | 'webshell' | 'wiper' | 
...>"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"kill_chain_phases"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The list of Kill Chain Phases for which this malware can be used."}),(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.em,{children:"Array of objects:"}),(0,l.jsx)("br",{}),(0,l.jsxs)("ul",{children:[(0,l.jsxs)("li",{children:[(0,l.jsx)(t.code,{children:"phase_name"}),": ",(0,l.jsx)(t.code,{children:"string"})]}),(0,l.jsxs)("li",{children:[(0,l.jsx)(t.code,{children:"kill_chain_name"}),": ",(0,l.jsx)(t.code,{children:"'mitre-attack' | 'mitre-mobile-attack' | 'mitre-ics-attack'"})]})]})]})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"first_seen"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The time that this malware instance or malware family was first seen."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"any"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"last_seen"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The time that this malware family or malware instance was last seen."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"any"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"os_execution_envs"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The operating systems that the malware family or malware instance is executable on. 
This applies to virtualized operating systems as well as those running on bare metal."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"Array"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"architecture_execution_envs"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The processor architectures (e.g., x86, ARM, etc.) that the malware instance or family is executable on."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"Array<'alpha' | 'arm' | 'ia-64' | 'mips' | 'powerpc' | 'sparc' | 'x86' | 'x86-64'>"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"implementation_languages"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The programming language(s) used to implement the malware instance or family."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"Array<'applescript' | 'bash' | 'c' | 'c++' | 'c#' | 'go' | 'java' | 'javascript' | 'lua' | 'objective-c' | 'perl' | 'php' | 'powershell' | 'python' | 'ruby' | 'scala' | 'swift' | 'typescript' | 'visual-basic' | 'x86-32' | ...>"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"capabilities"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"Any of the capabilities identified for the malware instance or family."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"Array<'accesses-remote-machines' | 'anti-debugging' | 'anti-disassembly' | 'anti-emulation' | 'anti-memory-forensics' | 'anti-sandbox' | 'anti-vm' | 'captures-input-peripherals' | 'captures-output-peripherals' | 'captures-system-state-data' | 'cleans-traces-of-infection' | 'commits-fraud' | 'communicates-with-c2' | 'compromises-data-integrity' | 'compromises-data-availability' | 'compromises-system-availability' | 'controls-local-machine' | 
'degrades-security-software' | 'degrades-system-updates' | 'determines-c2-server' | ...>"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"sample_refs"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The sample_refs property specifies a list of identifiers of the SCO file or artifact objects associated with this malware instance(s) or family."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"Array<[StixArtifactType](#stixartifacttype) _or_ [StixFileType](#stixfiletype)>"})})]})]})]}),"\n",(0,l.jsx)(t.p,{children:(0,l.jsx)(t.em,{children:"(*) Required."})}),"\n",(0,l.jsx)(t.h2,{id:"stixartifacttype",children:"StixArtifactType"}),"\n",(0,l.jsx)(t.p,{children:"Used to specify the artifact stixType of the sample_refs property."}),"\n",(0,l.jsx)(t.p,{children:(0,l.jsx)(t.em,{children:"Any type."})}),"\n",(0,l.jsx)(t.h2,{id:"stixfiletype",children:"StixFileType"}),"\n",(0,l.jsx)(t.p,{children:"Used to specify the file stixType of the sample_refs property."}),"\n",(0,l.jsx)(t.p,{children:(0,l.jsx)(t.em,{children:"Any type."})})]})}function x(e={}){const{wrapper:t}={...(0,i.R)(),...e.components};return t?(0,l.jsx)(t,{...e,children:(0,l.jsx)(o,{...e})}):o(e)}},8453:(e,t,s)=>{s.d(t,{R:()=>r,x:()=>d});var l=s(6540);const i={},n=l.createContext(i);function r(e){const t=l.useContext(n);return l.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function d(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(i):e.components||i:r(e.components),l.createElement(n.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/168a7715.6a0e03ad.js b/assets/js/168a7715.6a0e03ad.js deleted file mode 100644 index 9be71db..0000000 --- a/assets/js/168a7715.6a0e03ad.js +++ /dev/null 
@@ -1 +0,0 @@ -"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[775],{3860:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>d,contentTitle:()=>o,default:()=>u,frontMatter:()=>s,metadata:()=>c,toc:()=>i});var n=a(4848),r=a(8453);const s={},o="Malware Schema",c={id:"sdo/malware.schema",title:"Malware Schema",description:"",source:"@site/docs/sdo/malware.schema.md",sourceDirName:"sdo",slug:"/sdo/malware.schema",permalink:"/attack-data-model/docs/sdo/malware.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Identity Schema",permalink:"/attack-data-model/docs/sdo/identity.schema"},next:{title:"Matrix Schema",permalink:"/attack-data-model/docs/sdo/matrix.schema"}},d={},i=[];function m(e){const t={h1:"h1",header:"header",...(0,r.R)(),...e.components};return(0,n.jsx)(t.header,{children:(0,n.jsx)(t.h1,{id:"malware-schema",children:"Malware Schema"})})}function u(e={}){const{wrapper:t}={...(0,r.R)(),...e.components};return t?(0,n.jsx)(t,{...e,children:(0,n.jsx)(m,{...e})}):m(e)}},8453:(e,t,a)=>{a.d(t,{R:()=>o,x:()=>c});var n=a(6540);const r={},s=n.createContext(r);function o(e){const t=n.useContext(s);return n.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function c(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(r):e.components||r:o(e.components),n.createElement(s.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/219f03bb.219555c7.js b/assets/js/219f03bb.219555c7.js deleted file mode 100644 index 7c4547f..0000000 --- a/assets/js/219f03bb.219555c7.js +++ /dev/null 
@@ -1 +0,0 @@ -"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[478],{4287:(e,n,t)=>{t.r(n),t.d(n,{assets:()=>c,contentTitle:()=>r,default:()=>u,frontMatter:()=>a,metadata:()=>s,toc:()=>d});var i=t(4848),o=t(8453);const a={},r="Marking definition Schema",s={id:"smo/marking-definition.schema",title:"Marking definition Schema",description:"",source:"@site/docs/smo/marking-definition.schema.md",sourceDirName:"smo",slug:"/smo/marking-definition.schema",permalink:"/attack-data-model/docs/smo/marking-definition.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Relationship Schema",permalink:"/attack-data-model/docs/sro/relationship.schema"}},c={},d=[];function m(e){const n={h1:"h1",header:"header",...(0,o.R)(),...e.components};return(0,i.jsx)(n.header,{children:(0,i.jsx)(n.h1,{id:"marking-definition-schema",children:"Marking definition Schema"})})}function u(e={}){const{wrapper:n}={...(0,o.R)(),...e.components};return n?(0,i.jsx)(n,{...e,children:(0,i.jsx)(m,{...e})}):m(e)}},8453:(e,n,t)=>{t.d(n,{R:()=>r,x:()=>s});var i=t(6540);const o={},a=i.createContext(o);function r(e){const n=i.useContext(a);return i.useMemo((function(){return"function"==typeof e?e(n):{...n,...e}}),[n,e])}function s(e){let n;return n=e.disableParentContext?"function"==typeof e.components?e.components(o):e.components||o:r(e.components),i.createElement(a.Provider,{value:n},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/219f03bb.a43c4b3e.js b/assets/js/219f03bb.a43c4b3e.js new file mode 100644 index 0000000..2d9f1a2 --- /dev/null +++ b/assets/js/219f03bb.a43c4b3e.js 
@@ -0,0 +1 @@ +"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[478],{4287:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>d,default:()=>j,frontMatter:()=>s,metadata:()=>r,toc:()=>h});var i=n(4848),l=n(8453);const s={},d="Marking definition Schema",r={id:"smo/marking-definition.schema",title:"Marking definition Schema",description:"BaseMarkingDefinition",source:"@site/docs/smo/marking-definition.schema.md",sourceDirName:"smo",slug:"/smo/marking-definition.schema",permalink:"/attack-data-model/docs/smo/marking-definition.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Relationship Schema",permalink:"/attack-data-model/docs/sro/relationship.schema"}},c={},h=[{value:"BaseMarkingDefinition",id:"basemarkingdefinition",level:2},{value:"MarkingDefinition",id:"markingdefinition",level:2},{value:"StatementMarkingObject",id:"statementmarkingobject",level:2},{value:"TlpAmber",id:"tlpamber",level:2},{value:"TlpGreen",id:"tlpgreen",level:2},{value:"TlpMarkingDefinition",id:"tlpmarkingdefinition",level:2},{value:"TlpMarkingObject",id:"tlpmarkingobject",level:2},{value:"TlpRed",id:"tlpred",level:2},{value:"TlpWhite",id:"tlpwhite",level:2}];function x(e){const t={a:"a",code:"code",em:"em",h1:"h1",h2:"h2",header:"header",li:"li",p:"p",strong:"strong",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",ul:"ul",...(0,l.R)(),...e.components};return(0,i.jsxs)(i.Fragment,{children:[(0,i.jsx)(t.header,{children:(0,i.jsx)(t.h1,{id:"marking-definition-schema",children:"Marking definition Schema"})}),"\n",(0,i.jsx)(t.h2,{id:"basemarkingdefinition",children:"BaseMarkingDefinition"}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsx)(t.em,{children:"Object containing the following 
properties:"})}),"\n",(0,i.jsxs)(t.table,{children:[(0,i.jsx)(t.thead,{children:(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Property"}),(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Type"})]})}),(0,i.jsxs)(t.tbody,{children:[(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"type"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'marking-definition'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"spec_version"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'2.1'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"id"})})," (*)"]}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.code,{children:"string"})," (",(0,i.jsx)(t.em,{children:"uuid"}),")"]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"created"})})," (*)"]}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.code,{children:"string"})," (",(0,i.jsx)(t.em,{children:"ISO 8601"}),")"]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"definition_type"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'tlp'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"name"})})," 
(*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"string"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"definition"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.a,{href:"#tlpmarkingobject",children:"TlpMarkingObject"})})]})]})]}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsx)(t.em,{children:"(*) Required."})}),"\n",(0,i.jsx)(t.h2,{id:"markingdefinition",children:"MarkingDefinition"}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsx)(t.em,{children:"Object containing the following properties:"})}),"\n",(0,i.jsxs)(t.table,{children:[(0,i.jsx)(t.thead,{children:(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Property"}),(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Description"}),(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Type"})]})}),(0,i.jsxs)(t.tbody,{children:[(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"id"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"}}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"type"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"}}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'marking-definition'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"name"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The name of the object."}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.code,{children:"string"})," (",(0,i.jsx)(t.em,{children:"min length: 
1"}),")"]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"spec_version"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the STIX specification used to represent this object."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'2.0' | '2.1'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"created"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"created_by_ref"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The ID of the Source object that describes who created this object."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"definition_type"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The definition_type property identifies the type of Marking Definition."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'statement' | 'tlp'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"definition"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The definition property contains the marking object itself (e.g., the TLP marking as defined in section 7.2.1.4, the Statement marking as defined 
in section 7.2.1.3). Any new marking definitions SHOULD be specified using the extension facility described in section 7.3. If the extensions property is not present, this property MUST be present."}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.a,{href:"#tlpmarkingobject",children:"TlpMarkingObject"})," ",(0,i.jsx)(t.em,{children:"or"})," ",(0,i.jsx)(t.a,{href:"#statementmarkingobject",children:"StatementMarkingObject"})]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"x_mitre_domains"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The technology domains to which the ATT&CK object belongs."}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.code,{children:"Array<'enterprise-attack' | 'mobile-attack' | 'ics-attack'>"})," (",(0,i.jsx)(t.em,{children:"min: 1"}),")"]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"x_mitre_attack_spec_version"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. 
Refer to the ATT&CK CHANGELOG for all supported versions."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"string"})})]})]})]}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsx)(t.em,{children:"(*) Required."})}),"\n",(0,i.jsx)(t.h2,{id:"statementmarkingobject",children:"StatementMarkingObject"}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsx)(t.em,{children:"Object containing the following properties:"})}),"\n",(0,i.jsxs)(t.table,{children:[(0,i.jsx)(t.thead,{children:(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Property"}),(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Description"}),(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Type"})]})}),(0,i.jsx)(t.tbody,{children:(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"statement"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"A Statement (e.g., copyright, terms of use) applied to the content marked by this marking definition."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"string"})})]})})]}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsx)(t.em,{children:"(*) Required."})}),"\n",(0,i.jsx)(t.h2,{id:"tlpamber",children:"TlpAmber"}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsx)(t.em,{children:"Object containing the following properties:"})}),"\n",(0,i.jsxs)(t.table,{children:[(0,i.jsx)(t.thead,{children:(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Property"}),(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Type"})]})}),(0,i.jsxs)(t.tbody,{children:[(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"type"})})," 
(*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'marking-definition'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"spec_version"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'2.1'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"id"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'marking-definition--f88d31f6-486f-44da-b317-01333bde0b82'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"created"})})," (*)"]}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.code,{children:"string"})," (",(0,i.jsx)(t.em,{children:"ISO 8601"}),")"]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"definition_type"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'tlp'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"name"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'TLP:AMBER'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"definition"})})," (*)"]}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.em,{children:"Object with properties:"}),(0,i.jsx)("ul",{children:(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"tlp"}),": ",(0,i.jsx)(t.code,{children:"'amber'"})]})})]})]})]})]}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsx)(t.em,{children:"(*) 
Required."})}),"\n",(0,i.jsx)(t.h2,{id:"tlpgreen",children:"TlpGreen"}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsx)(t.em,{children:"Object containing the following properties:"})}),"\n",(0,i.jsxs)(t.table,{children:[(0,i.jsx)(t.thead,{children:(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Property"}),(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Type"})]})}),(0,i.jsxs)(t.tbody,{children:[(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"type"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'marking-definition'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"spec_version"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'2.1'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"id"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"created"})})," (*)"]}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.code,{children:"string"})," (",(0,i.jsx)(t.em,{children:"ISO 8601"}),")"]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"definition_type"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'tlp'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"name"})})," 
(*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'TLP:GREEN'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"definition"})})," (*)"]}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.em,{children:"Object with properties:"}),(0,i.jsx)("ul",{children:(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"tlp"}),": ",(0,i.jsx)(t.code,{children:"'green'"})]})})]})]})]})]}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsx)(t.em,{children:"(*) Required."})}),"\n",(0,i.jsx)(t.h2,{id:"tlpmarkingdefinition",children:"TlpMarkingDefinition"}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsx)(t.em,{children:"Union of the following possible types:"})}),"\n",(0,i.jsxs)(t.ul,{children:["\n",(0,i.jsx)(t.li,{children:(0,i.jsx)(t.a,{href:"#tlpwhite",children:"TlpWhite"})}),"\n",(0,i.jsx)(t.li,{children:(0,i.jsx)(t.a,{href:"#tlpgreen",children:"TlpGreen"})}),"\n",(0,i.jsx)(t.li,{children:(0,i.jsx)(t.a,{href:"#tlpamber",children:"TlpAmber"})}),"\n",(0,i.jsx)(t.li,{children:(0,i.jsx)(t.a,{href:"#tlpred",children:"TlpRed"})}),"\n"]}),"\n",(0,i.jsx)(t.h2,{id:"tlpmarkingobject",children:"TlpMarkingObject"}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsx)(t.em,{children:"Object containing the following properties:"})}),"\n",(0,i.jsxs)(t.table,{children:[(0,i.jsx)(t.thead,{children:(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Property"}),(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Description"}),(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Type"})]})}),(0,i.jsx)(t.tbody,{children:(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"tlp"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The TLP level [TLP] of the content marked by this marking definition, as defined in this 
section."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"string"})})]})})]}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsx)(t.em,{children:"(*) Required."})}),"\n",(0,i.jsx)(t.h2,{id:"tlpred",children:"TlpRed"}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsx)(t.em,{children:"Object containing the following properties:"})}),"\n",(0,i.jsxs)(t.table,{children:[(0,i.jsx)(t.thead,{children:(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Property"}),(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Type"})]})}),(0,i.jsxs)(t.tbody,{children:[(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"type"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'marking-definition'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"spec_version"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'2.1'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"id"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"created"})})," (*)"]}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.code,{children:"string"})," (",(0,i.jsx)(t.em,{children:"ISO 8601"}),")"]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"definition_type"})})," 
(*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'tlp'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"name"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'TLP:RED'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"definition"})})," (*)"]}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.em,{children:"Object with properties:"}),(0,i.jsx)("ul",{children:(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"tlp"}),": ",(0,i.jsx)(t.code,{children:"'red'"})]})})]})]})]})]}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsx)(t.em,{children:"(*) Required."})}),"\n",(0,i.jsx)(t.h2,{id:"tlpwhite",children:"TlpWhite"}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsx)(t.em,{children:"Object containing the following properties:"})}),"\n",(0,i.jsxs)(t.table,{children:[(0,i.jsx)(t.thead,{children:(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Property"}),(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Type"})]})}),(0,i.jsxs)(t.tbody,{children:[(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"type"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'marking-definition'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"spec_version"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'2.1'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"id"})})," 
(*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"created"})})," (*)"]}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.code,{children:"string"})," (",(0,i.jsx)(t.em,{children:"ISO 8601"}),")"]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"definition_type"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'tlp'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"name"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'TLP:WHITE'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"definition"})})," (*)"]}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.em,{children:"Object with properties:"}),(0,i.jsx)("ul",{children:(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"tlp"}),": ",(0,i.jsx)(t.code,{children:"'white'"})]})})]})]})]})]}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsx)(t.em,{children:"(*) Required."})})]})}function j(e={}){const{wrapper:t}={...(0,l.R)(),...e.components};return t?(0,i.jsx)(t,{...e,children:(0,i.jsx)(x,{...e})}):x(e)}},8453:(e,t,n)=>{n.d(t,{R:()=>d,x:()=>r});var i=n(6540);const l={},s=i.createContext(l);function d(e){const t=i.useContext(s);return i.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function r(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(l):e.components||l:d(e.components),i.createElement(s.Provider,{value:t},e.children)}}}]); \ No newline at 
end of file diff --git a/assets/js/225bffaf.6aa345ca.js b/assets/js/225bffaf.6aa345ca.js new file mode 100644 index 0000000..9bccdb2 --- /dev/null +++ b/assets/js/225bffaf.6aa345ca.js 
@@ -0,0 +1 @@ +"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[799],{9881:(e,t,s)=>{s.r(t),s.d(t,{assets:()=>c,contentTitle:()=>r,default:()=>x,frontMatter:()=>l,metadata:()=>d,toc:()=>o});var n=s(4848),i=s(8453);const l={},r="Data component Schema",d={id:"sdo/data-component.schema",title:"Data component Schema",description:"DataComponent",source:"@site/docs/sdo/data-component.schema.md",sourceDirName:"sdo",slug:"/sdo/data-component.schema",permalink:"/attack-data-model/docs/sdo/data-component.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Collection Schema",permalink:"/attack-data-model/docs/sdo/collection.schema"},next:{title:"Data source Schema",permalink:"/attack-data-model/docs/sdo/data-source.schema"}},c={},o=[{value:"DataComponent",id:"datacomponent",level:2},{value:"XMitreDataSourceRef",id:"xmitredatasourceref",level:2}];function h(e){const t={a:"a",code:"code",em:"em",h1:"h1",h2:"h2",header:"header",p:"p",strong:"strong",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",...(0,i.R)(),...e.components};return(0,n.jsxs)(n.Fragment,{children:[(0,n.jsx)(t.header,{children:(0,n.jsx)(t.h1,{id:"data-component-schema",children:"Data component Schema"})}),"\n",(0,n.jsx)(t.h2,{id:"datacomponent",children:"DataComponent"}),"\n",(0,n.jsx)(t.p,{children:(0,n.jsx)(t.em,{children:"Object containing the following properties:"})}),"\n",(0,n.jsxs)(t.table,{children:[(0,n.jsx)(t.thead,{children:(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.th,{style:{textAlign:"left"},children:"Property"}),(0,n.jsx)(t.th,{style:{textAlign:"left"},children:"Description"}),(0,n.jsx)(t.th,{style:{textAlign:"left"},children:"Type"})]})}),(0,n.jsxs)(t.tbody,{children:[(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"id"})})," 
(*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"}}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"any"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"type"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"}}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"'x-mitre-data-component'"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"spec_version"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the STIX specification used to represent this object."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"'2.0' | '2.1'"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"created"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"any"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"modified"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The modified property represents the time that this particular version of the object was modified. 
The timstamp value MUST be precise to the nearest millisecond."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"any"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"created_by_ref"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"any"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"labels"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The labels property specifies a set of terms used to describe this object."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"Array"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"revoked"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The revoked property indicates whether the object has been revoked."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"boolean"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"confidence"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"}}),(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.code,{children:"number"})," (",(0,n.jsx)(t.em,{children:"int, \u22651, \u226499"}),")"]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"lang"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"Identifies the language of the text content in this 
object."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"string"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"external_references"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"A list of external references which refers to non-STIX information."}),(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.em,{children:"Array of at least 1 objects:"}),(0,n.jsx)("br",{}),(0,n.jsxs)("ul",{children:[(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"source_name"}),": ",(0,n.jsx)(t.code,{children:"string"})]}),(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"description"}),": ",(0,n.jsx)(t.code,{children:"string"})]}),(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"url"}),": ",(0,n.jsx)(t.code,{children:"string"})," (",(0,n.jsx)(t.em,{children:"url"}),")"]}),(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"external_id"}),": ",(0,n.jsx)(t.code,{children:"string"})]})]})]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"object_marking_refs"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The list of marking-definition objects to be applied to this object."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"Array"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"granular_markings"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The set of granular markings that apply to this object."}),(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.em,{children:"Array of objects:"}),(0,n.jsx)("br",{}),(0,n.jsxs)("ul",{children:[(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"marking_ref"}),": ",(0,n.jsx)(t.code,{children:"any"})," - Represents identifiers across the CTI specifications. 
The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4."]}),(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"selectors"}),": ",(0,n.jsx)(t.code,{children:"Array"})]})]})]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"extensions"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"Specifies any extensions of the object, as a dictionary."}),(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,n.jsx)(t.code,{children:"string"})," ",(0,n.jsx)(t.em,{children:"and values of type"})," ",(0,n.jsx)(t.em,{children:"Object with properties:"}),(0,n.jsxs)("ul",{children:[(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"extension_type"}),": ",(0,n.jsx)(t.code,{children:"string"})]}),(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"extension_properties"}),": ",(0,n.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,n.jsx)(t.code,{children:"string"})," ",(0,n.jsx)(t.em,{children:"and values of type"})," ",(0,n.jsx)(t.code,{children:"unknown"})," (",(0,n.jsx)(t.em,{children:"optional & nullable"}),")"]})]})," ",(0,n.jsx)(t.em,{children:"or"})," ",(0,n.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,n.jsx)(t.code,{children:"string"})," ",(0,n.jsx)(t.em,{children:"and values of type"})," ",(0,n.jsx)(t.code,{children:"unknown"})," (",(0,n.jsx)(t.em,{children:"optional & nullable"}),")"]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"name"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The name of the object."}),(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.code,{children:"string"})," (",(0,n.jsx)(t.em,{children:"min length: 
1"}),")"]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"x_mitre_attack_spec_version"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"string"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"x_mitre_version"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. 
This property does not apply to relationship objects."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"any"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"x_mitre_old_attack_id"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"Old ATT&CK IDs that may have been associated with this object"}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"string"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"x_mitre_deprecated"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"Indicates whether the object has been deprecated."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"boolean"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"description"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"A description of the object."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"string"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"x_mitre_domains"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The technology domains to which the ATT&CK object belongs."}),(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.code,{children:"Array<'enterprise-attack' | 'mobile-attack' | 'ics-attack'>"})," (",(0,n.jsx)(t.em,{children:"min: 1"}),")"]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"x_mitre_modified_by_ref"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. 
Previous versions of the object may have been created by other individuals or organizations."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"any"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"x_mitre_data_source_ref"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"STIX ID of the data source this component is a part of."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.a,{href:"#xmitredatasourceref",children:"XMitreDataSourceRef"})})]})]})]}),"\n",(0,n.jsx)(t.p,{children:(0,n.jsx)(t.em,{children:"(*) Required."})}),"\n",(0,n.jsx)(t.h2,{id:"xmitredatasourceref",children:"XMitreDataSourceRef"}),"\n",(0,n.jsx)(t.p,{children:"STIX ID of the data source this component is a part of."}),"\n",(0,n.jsx)(t.p,{children:(0,n.jsx)(t.em,{children:"Any type."})})]})}function x(e={}){const{wrapper:t}={...(0,i.R)(),...e.components};return t?(0,n.jsx)(t,{...e,children:(0,n.jsx)(h,{...e})}):h(e)}},8453:(e,t,s)=>{s.d(t,{R:()=>r,x:()=>d});var n=s(6540);const i={},l=n.createContext(i);function r(e){const t=n.useContext(l);return n.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function d(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(i):e.components||i:r(e.components),n.createElement(l.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/225bffaf.f484ef37.js b/assets/js/225bffaf.f484ef37.js deleted file mode 100644 index 2fd4c5b..0000000 --- a/assets/js/225bffaf.f484ef37.js +++ /dev/null 
@@ -1 +0,0 @@ -"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[799],{9881:(e,t,o)=>{o.r(t),o.d(t,{assets:()=>d,contentTitle:()=>s,default:()=>u,frontMatter:()=>c,metadata:()=>r,toc:()=>m});var n=o(4848),a=o(8453);const c={},s="Data component Schema",r={id:"sdo/data-component.schema",title:"Data component Schema",description:"",source:"@site/docs/sdo/data-component.schema.md",sourceDirName:"sdo",slug:"/sdo/data-component.schema",permalink:"/attack-data-model/docs/sdo/data-component.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Collection Schema",permalink:"/attack-data-model/docs/sdo/collection.schema"},next:{title:"Data source Schema",permalink:"/attack-data-model/docs/sdo/data-source.schema"}},d={},m=[];function i(e){const t={h1:"h1",header:"header",...(0,a.R)(),...e.components};return(0,n.jsx)(t.header,{children:(0,n.jsx)(t.h1,{id:"data-component-schema",children:"Data component Schema"})})}function u(e={}){const{wrapper:t}={...(0,a.R)(),...e.components};return t?(0,n.jsx)(t,{...e,children:(0,n.jsx)(i,{...e})}):i(e)}},8453:(e,t,o)=>{o.d(t,{R:()=>s,x:()=>r});var n=o(6540);const a={},c=n.createContext(a);function s(e){const t=n.useContext(c);return n.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function r(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(a):e.components||a:s(e.components),n.createElement(c.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/320f0fb2.8942a67e.js b/assets/js/320f0fb2.a9bd3236.js similarity index 96% rename from assets/js/320f0fb2.8942a67e.js rename to assets/js/320f0fb2.a9bd3236.js index fb13278..8b7f002 100644 --- a/assets/js/320f0fb2.8942a67e.js +++ b/assets/js/320f0fb2.a9bd3236.js 
@@ -1 +1 @@ -"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[52],{8887:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>r,default:()=>d,frontMatter:()=>a,metadata:()=>c,toc:()=>u});var o=n(4848),s=n(8453);const a={slug:"known-issues",title:"ATT&CK v16 - October 2024",authors:["mitreattack"]},r=void 0,c={permalink:"/attack-data-model/blog/known-issues",source:"@site/blog/october-2024.md",title:"ATT&CK v16 - October 2024",description:"The following issues are known discrepancies and non-compliance within the current ATT&CK knowledge base.",date:"2024-10-21T13:36:06.000Z",tags:[],hasTruncateMarker:!1,authors:[{name:"MITRE ATT&CK",title:"A knowledge base for describing the behavior of adversaries",url:"https://attack.mitre.org",page:null,socials:{x:"https://twitter.com/mitreattack",github:"https://github.com/mitre-attack"},imageURL:"img/attack.jpg",key:"mitreattack"}],frontMatter:{slug:"known-issues",title:"ATT&CK v16 - October 2024",authors:["mitreattack"]},unlisted:!1},i={authorsImageUrls:[void 0]},u=[];function l(e){const t={p:"p",...(0,s.R)(),...e.components};return(0,o.jsx)(t.p,{children:"The following issues are known discrepancies and non-compliance within the current ATT&CK knowledge base.\nThese issues reflect elements that do not conform to the Zod schemas and require changes to bring the\nknowledge base into full compliance. 
Your understanding and patience are appreciated as we work to\nmake improvements."})}function d(e={}){const{wrapper:t}={...(0,s.R)(),...e.components};return t?(0,o.jsx)(t,{...e,children:(0,o.jsx)(l,{...e})}):l(e)}},8453:(e,t,n)=>{n.d(t,{R:()=>r,x:()=>c});var o=n(6540);const s={},a=o.createContext(s);function r(e){const t=o.useContext(a);return o.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function c(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(s):e.components||s:r(e.components),o.createElement(a.Provider,{value:t},e.children)}}}]); \ No newline at end of file +"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[52],{8887:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>r,default:()=>d,frontMatter:()=>a,metadata:()=>c,toc:()=>u});var o=n(4848),s=n(8453);const a={slug:"known-issues",title:"ATT&CK v16 - October 2024",authors:["mitreattack"]},r=void 0,c={permalink:"/attack-data-model/blog/known-issues",source:"@site/blog/october-2024.md",title:"ATT&CK v16 - October 2024",description:"The following issues are known discrepancies and non-compliance within the current ATT&CK knowledge base.",date:"2024-10-21T13:40:45.000Z",tags:[],hasTruncateMarker:!1,authors:[{name:"MITRE ATT&CK",title:"A knowledge base for describing the behavior of adversaries",url:"https://attack.mitre.org",page:null,socials:{x:"https://twitter.com/mitreattack",github:"https://github.com/mitre-attack"},imageURL:"img/attack.jpg",key:"mitreattack"}],frontMatter:{slug:"known-issues",title:"ATT&CK v16 - October 2024",authors:["mitreattack"]},unlisted:!1},i={authorsImageUrls:[void 0]},u=[];function l(e){const t={p:"p",...(0,s.R)(),...e.components};return(0,o.jsx)(t.p,{children:"The following issues are known discrepancies and non-compliance within the current ATT&CK knowledge base.\nThese issues reflect elements that do not conform to the Zod schemas and require changes to bring the\nknowledge base into 
full compliance. Your understanding and patience are appreciated as we work to\nmake improvements."})}function d(e={}){const{wrapper:t}={...(0,s.R)(),...e.components};return t?(0,o.jsx)(t,{...e,children:(0,o.jsx)(l,{...e})}):l(e)}},8453:(e,t,n)=>{n.d(t,{R:()=>r,x:()=>c});var o=n(6540);const s={},a=o.createContext(s);function r(e){const t=o.useContext(a);return o.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function c(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(s):e.components||s:r(e.components),o.createElement(a.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/3f548cca.2afcb332.js b/assets/js/3f548cca.2afcb332.js new file mode 100644 index 0000000..5259cc2 --- /dev/null +++ b/assets/js/3f548cca.2afcb332.js 
@@ -0,0 +1 @@ +"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[620],{9741:(e,t,s)=>{s.r(t),s.d(t,{assets:()=>c,contentTitle:()=>r,default:()=>x,frontMatter:()=>l,metadata:()=>d,toc:()=>o});var n=s(4848),i=s(8453);const l={},r="Identity Schema",d={id:"sdo/identity.schema",title:"Identity Schema",description:"Identity",source:"@site/docs/sdo/identity.schema.md",sourceDirName:"sdo",slug:"/sdo/identity.schema",permalink:"/attack-data-model/docs/sdo/identity.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Group Schema",permalink:"/attack-data-model/docs/sdo/group.schema"},next:{title:"Malware Schema",permalink:"/attack-data-model/docs/sdo/malware.schema"}},c={},o=[{value:"Identity",id:"identity",level:2}];function h(e){const t={code:"code",em:"em",h1:"h1",h2:"h2",header:"header",p:"p",strong:"strong",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",...(0,i.R)(),...e.components};return(0,n.jsxs)(n.Fragment,{children:[(0,n.jsx)(t.header,{children:(0,n.jsx)(t.h1,{id:"identity-schema",children:"Identity Schema"})}),"\n",(0,n.jsx)(t.h2,{id:"identity",children:"Identity"}),"\n",(0,n.jsx)(t.p,{children:(0,n.jsx)(t.em,{children:"Object containing the following properties:"})}),"\n",(0,n.jsxs)(t.table,{children:[(0,n.jsx)(t.thead,{children:(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.th,{style:{textAlign:"left"},children:"Property"}),(0,n.jsx)(t.th,{style:{textAlign:"left"},children:"Description"}),(0,n.jsx)(t.th,{style:{textAlign:"left"},children:"Type"})]})}),(0,n.jsxs)(t.tbody,{children:[(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"id"})})," 
(*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"}}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"any"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"type"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"}}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"'identity'"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"spec_version"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the STIX specification used to represent this object."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"'2.0' | '2.1'"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"created"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"any"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"modified"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The modified property represents the time that this particular version of the object was modified. 
The timstamp value MUST be precise to the nearest millisecond."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"any"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"created_by_ref"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"any"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"labels"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The labels property specifies a set of terms used to describe this object."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"Array"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"revoked"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The revoked property indicates whether the object has been revoked."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"boolean"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"confidence"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"}}),(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.code,{children:"number"})," (",(0,n.jsx)(t.em,{children:"int, \u22651, \u226499"}),")"]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"lang"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"Identifies the language of the text content in this 
object."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"string"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"external_references"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"A list of external references which refers to non-STIX information."}),(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.em,{children:"Array of at least 1 objects:"}),(0,n.jsx)("br",{}),(0,n.jsxs)("ul",{children:[(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"source_name"}),": ",(0,n.jsx)(t.code,{children:"string"})]}),(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"description"}),": ",(0,n.jsx)(t.code,{children:"string"})]}),(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"url"}),": ",(0,n.jsx)(t.code,{children:"string"})," (",(0,n.jsx)(t.em,{children:"url"}),")"]}),(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"external_id"}),": ",(0,n.jsx)(t.code,{children:"string"})]})]})]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"object_marking_refs"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The list of marking-definition objects to be applied to this object."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"Array"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"granular_markings"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The set of granular markings that apply to this object."}),(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.em,{children:"Array of objects:"}),(0,n.jsx)("br",{}),(0,n.jsxs)("ul",{children:[(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"marking_ref"}),": ",(0,n.jsx)(t.code,{children:"any"})," - Represents identifiers across the CTI specifications. 
The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4."]}),(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"selectors"}),": ",(0,n.jsx)(t.code,{children:"Array"})]})]})]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"extensions"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"Specifies any extensions of the object, as a dictionary."}),(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,n.jsx)(t.code,{children:"string"})," ",(0,n.jsx)(t.em,{children:"and values of type"})," ",(0,n.jsx)(t.em,{children:"Object with properties:"}),(0,n.jsxs)("ul",{children:[(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"extension_type"}),": ",(0,n.jsx)(t.code,{children:"string"})]}),(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"extension_properties"}),": ",(0,n.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,n.jsx)(t.code,{children:"string"})," ",(0,n.jsx)(t.em,{children:"and values of type"})," ",(0,n.jsx)(t.code,{children:"unknown"})," (",(0,n.jsx)(t.em,{children:"optional & nullable"}),")"]})]})," ",(0,n.jsx)(t.em,{children:"or"})," ",(0,n.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,n.jsx)(t.code,{children:"string"})," ",(0,n.jsx)(t.em,{children:"and values of type"})," ",(0,n.jsx)(t.code,{children:"unknown"})," (",(0,n.jsx)(t.em,{children:"optional & nullable"}),")"]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"name"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The name of the object."}),(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.code,{children:"string"})," (",(0,n.jsx)(t.em,{children:"min length: 
1"}),")"]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"x_mitre_attack_spec_version"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"string"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"x_mitre_version"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. 
This property does not apply to relationship objects."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"any"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"x_mitre_old_attack_id"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"Old ATT&CK IDs that may have been associated with this object"}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"string"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"x_mitre_deprecated"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"Indicates whether the object has been deprecated."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"boolean"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"identity_class"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The type of entity that this Identity describes, e.g., an individual or organization. 
This is an open vocabulary and the values SHOULD come from the identity-class-ov vocabulary."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"'individual' | 'group' | 'system' | 'organization' | 'class' | 'unspecified'"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"x_mitre_domains"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The technology domains to which the ATT&CK object belongs."}),(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.code,{children:"Array<'enterprise-attack' | 'mobile-attack' | 'ics-attack'>"})," (",(0,n.jsx)(t.em,{children:"min: 1"}),")"]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"description"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"A description of the object."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"string"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"roles"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The list of roles that this Identity performs."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"Array"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"sectors"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The list of industry sectors that this Identity belongs to. 
This is an open vocabulary and values SHOULD come from the industry-sector-ov vocabulary."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"Array<'agriculture' | 'aerospace' | 'automotive' | 'chemical' | 'commercial' | 'communications' | 'construction' | 'defense' | 'education' | 'energy' | 'entertainment' | 'financial-services' | 'government' | 'government-emergency-services' | 'government-local' | 'government-national' | 'government-public-services' | 'government-regional' | 'healthcare' | 'hospitality-leisure' | ...>"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"contact_information"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The contact information (e-mail, phone number, etc.) for this Identity."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"string"})})]})]})]}),"\n",(0,n.jsx)(t.p,{children:(0,n.jsx)(t.em,{children:"(*) Required."})})]})}function x(e={}){const{wrapper:t}={...(0,i.R)(),...e.components};return t?(0,n.jsx)(t,{...e,children:(0,n.jsx)(h,{...e})}):h(e)}},8453:(e,t,s)=>{s.d(t,{R:()=>r,x:()=>d});var n=s(6540);const i={},l=n.createContext(i);function r(e){const t=n.useContext(l);return n.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function d(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(i):e.components||i:r(e.components),n.createElement(l.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/3f548cca.737ff296.js b/assets/js/3f548cca.737ff296.js deleted file mode 100644 index b0d1b12..0000000 --- a/assets/js/3f548cca.737ff296.js +++ /dev/null 
@@ -1 +0,0 @@ -"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[620],{9741:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>d,contentTitle:()=>c,default:()=>m,frontMatter:()=>s,metadata:()=>r,toc:()=>i});var a=n(4848),o=n(8453);const s={},c="Identity Schema",r={id:"sdo/identity.schema",title:"Identity Schema",description:"",source:"@site/docs/sdo/identity.schema.md",sourceDirName:"sdo",slug:"/sdo/identity.schema",permalink:"/attack-data-model/docs/sdo/identity.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Group Schema",permalink:"/attack-data-model/docs/sdo/group.schema"},next:{title:"Malware Schema",permalink:"/attack-data-model/docs/sdo/malware.schema"}},d={},i=[];function u(e){const t={h1:"h1",header:"header",...(0,o.R)(),...e.components};return(0,a.jsx)(t.header,{children:(0,a.jsx)(t.h1,{id:"identity-schema",children:"Identity Schema"})})}function m(e={}){const{wrapper:t}={...(0,o.R)(),...e.components};return t?(0,a.jsx)(t,{...e,children:(0,a.jsx)(u,{...e})}):u(e)}},8453:(e,t,n)=>{n.d(t,{R:()=>c,x:()=>r});var a=n(6540);const o={},s=a.createContext(o);function c(e){const t=a.useContext(s);return a.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function r(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(o):e.components||o:c(e.components),a.createElement(s.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/60fafb26.ab1ffe77.js b/assets/js/60fafb26.964825f1.js similarity index 89% rename from assets/js/60fafb26.ab1ffe77.js rename to assets/js/60fafb26.964825f1.js index f37f6bd..97c53b4 100644 --- a/assets/js/60fafb26.ab1ffe77.js +++ b/assets/js/60fafb26.964825f1.js 
@@ -1 +1 @@ -"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[822],{3191:e=>{e.exports=JSON.parse('{"archive":{"blogPosts":[{"id":"known-issues","metadata":{"permalink":"/attack-data-model/blog/known-issues","source":"@site/blog/october-2024.md","title":"ATT&CK v16 - October 2024","description":"The following issues are known discrepancies and non-compliance within the current ATT&CK knowledge base.","date":"2024-10-21T13:36:06.000Z","tags":[],"hasTruncateMarker":false,"authors":[{"name":"MITRE ATT&CK","title":"A knowledge base for describing the behavior of adversaries","url":"https://attack.mitre.org","page":null,"socials":{"x":"https://twitter.com/mitreattack","github":"https://github.com/mitre-attack"},"imageURL":"img/attack.jpg","key":"mitreattack"}],"frontMatter":{"slug":"known-issues","title":"ATT&CK v16 - October 2024","authors":["mitreattack"]},"unlisted":false},"content":"The following issues are known discrepancies and non-compliance within the current ATT&CK knowledge base.\\nThese issues reflect elements that do not conform to the Zod schemas and require changes to bring the\\nknowledge base into full compliance. 
Your understanding and patience are appreciated as we work to\\nmake improvements."}]}}')}}]); \ No newline at end of file +"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[822],{3191:e=>{e.exports=JSON.parse('{"archive":{"blogPosts":[{"id":"known-issues","metadata":{"permalink":"/attack-data-model/blog/known-issues","source":"@site/blog/october-2024.md","title":"ATT&CK v16 - October 2024","description":"The following issues are known discrepancies and non-compliance within the current ATT&CK knowledge base.","date":"2024-10-21T13:40:45.000Z","tags":[],"hasTruncateMarker":false,"authors":[{"name":"MITRE ATT&CK","title":"A knowledge base for describing the behavior of adversaries","url":"https://attack.mitre.org","page":null,"socials":{"x":"https://twitter.com/mitreattack","github":"https://github.com/mitre-attack"},"imageURL":"img/attack.jpg","key":"mitreattack"}],"frontMatter":{"slug":"known-issues","title":"ATT&CK v16 - October 2024","authors":["mitreattack"]},"unlisted":false},"content":"The following issues are known discrepancies and non-compliance within the current ATT&CK knowledge base.\\nThese issues reflect elements that do not conform to the Zod schemas and require changes to bring the\\nknowledge base into full compliance. Your understanding and patience are appreciated as we work to\\nmake improvements."}]}}')}}]); \ No newline at end of file diff --git a/assets/js/64a2cd0f.028ab007.js b/assets/js/64a2cd0f.cfbe6157.js similarity index 96% rename from assets/js/64a2cd0f.028ab007.js rename to assets/js/64a2cd0f.cfbe6157.js index ca09f95..f87c0df 100644 --- a/assets/js/64a2cd0f.028ab007.js +++ b/assets/js/64a2cd0f.cfbe6157.js 
@@ -1 +1 @@ -"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[19],{5721:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>r,default:()=>d,frontMatter:()=>a,metadata:()=>c,toc:()=>u});var o=n(4848),s=n(8453);const a={slug:"known-issues",title:"ATT&CK v16 - October 2024",authors:["mitreattack"]},r=void 0,c={permalink:"/attack-data-model/blog/known-issues",source:"@site/blog/october-2024.md",title:"ATT&CK v16 - October 2024",description:"The following issues are known discrepancies and non-compliance within the current ATT&CK knowledge base.",date:"2024-10-21T13:36:06.000Z",tags:[],hasTruncateMarker:!1,authors:[{name:"MITRE ATT&CK",title:"A knowledge base for describing the behavior of adversaries",url:"https://attack.mitre.org",page:null,socials:{x:"https://twitter.com/mitreattack",github:"https://github.com/mitre-attack"},imageURL:"img/attack.jpg",key:"mitreattack"}],frontMatter:{slug:"known-issues",title:"ATT&CK v16 - October 2024",authors:["mitreattack"]},unlisted:!1},i={authorsImageUrls:[void 0]},u=[];function l(e){const t={p:"p",...(0,s.R)(),...e.components};return(0,o.jsx)(t.p,{children:"The following issues are known discrepancies and non-compliance within the current ATT&CK knowledge base.\nThese issues reflect elements that do not conform to the Zod schemas and require changes to bring the\nknowledge base into full compliance. 
Your understanding and patience are appreciated as we work to\nmake improvements."})}function d(e={}){const{wrapper:t}={...(0,s.R)(),...e.components};return t?(0,o.jsx)(t,{...e,children:(0,o.jsx)(l,{...e})}):l(e)}},8453:(e,t,n)=>{n.d(t,{R:()=>r,x:()=>c});var o=n(6540);const s={},a=o.createContext(s);function r(e){const t=o.useContext(a);return o.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function c(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(s):e.components||s:r(e.components),o.createElement(a.Provider,{value:t},e.children)}}}]); \ No newline at end of file +"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[19],{5721:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>i,contentTitle:()=>r,default:()=>d,frontMatter:()=>a,metadata:()=>c,toc:()=>u});var o=n(4848),s=n(8453);const a={slug:"known-issues",title:"ATT&CK v16 - October 2024",authors:["mitreattack"]},r=void 0,c={permalink:"/attack-data-model/blog/known-issues",source:"@site/blog/october-2024.md",title:"ATT&CK v16 - October 2024",description:"The following issues are known discrepancies and non-compliance within the current ATT&CK knowledge base.",date:"2024-10-21T13:40:45.000Z",tags:[],hasTruncateMarker:!1,authors:[{name:"MITRE ATT&CK",title:"A knowledge base for describing the behavior of adversaries",url:"https://attack.mitre.org",page:null,socials:{x:"https://twitter.com/mitreattack",github:"https://github.com/mitre-attack"},imageURL:"img/attack.jpg",key:"mitreattack"}],frontMatter:{slug:"known-issues",title:"ATT&CK v16 - October 2024",authors:["mitreattack"]},unlisted:!1},i={authorsImageUrls:[void 0]},u=[];function l(e){const t={p:"p",...(0,s.R)(),...e.components};return(0,o.jsx)(t.p,{children:"The following issues are known discrepancies and non-compliance within the current ATT&CK knowledge base.\nThese issues reflect elements that do not conform to the Zod schemas and require changes to bring the\nknowledge base into 
full compliance. Your understanding and patience are appreciated as we work to\nmake improvements."})}function d(e={}){const{wrapper:t}={...(0,s.R)(),...e.components};return t?(0,o.jsx)(t,{...e,children:(0,o.jsx)(l,{...e})}):l(e)}},8453:(e,t,n)=>{n.d(t,{R:()=>r,x:()=>c});var o=n(6540);const s={},a=o.createContext(s);function r(e){const t=o.useContext(a);return o.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function c(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(s):e.components||s:r(e.components),o.createElement(a.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/65ac31b8.31c32edc.js b/assets/js/65ac31b8.31c32edc.js new file mode 100644 index 0000000..a93099d --- /dev/null +++ b/assets/js/65ac31b8.31c32edc.js 
@@ -0,0 +1 @@ +"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[250],{8340:(e,t,s)=>{s.r(t),s.d(t,{assets:()=>c,contentTitle:()=>r,default:()=>x,frontMatter:()=>i,metadata:()=>d,toc:()=>o});var l=s(4848),n=s(8453);const i={},r="Software Schema",d={id:"sdo/software.schema",title:"Software Schema",description:"Software",source:"@site/docs/sdo/software.schema.md",sourceDirName:"sdo",slug:"/sdo/software.schema",permalink:"/attack-data-model/docs/sdo/software.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Mitigation Schema",permalink:"/attack-data-model/docs/sdo/mitigation.schema"},next:{title:"Tactic Schema",permalink:"/attack-data-model/docs/sdo/tactic.schema"}},c={},o=[{value:"Software",id:"software",level:2}];function h(e){const t={code:"code",em:"em",h1:"h1",h2:"h2",header:"header",p:"p",strong:"strong",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",...(0,n.R)(),...e.components};return(0,l.jsxs)(l.Fragment,{children:[(0,l.jsx)(t.header,{children:(0,l.jsx)(t.h1,{id:"software-schema",children:"Software Schema"})}),"\n",(0,l.jsx)(t.h2,{id:"software",children:"Software"}),"\n",(0,l.jsx)(t.p,{children:(0,l.jsx)(t.em,{children:"Object containing the following properties:"})}),"\n",(0,l.jsxs)(t.table,{children:[(0,l.jsx)(t.thead,{children:(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.th,{style:{textAlign:"left"},children:"Property"}),(0,l.jsx)(t.th,{style:{textAlign:"left"},children:"Description"}),(0,l.jsx)(t.th,{style:{textAlign:"left"},children:"Type"})]})}),(0,l.jsxs)(t.tbody,{children:[(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"id"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The id property universally and uniquely identifies this 
object."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"any"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"type"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"}}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"'malware' | 'tool'"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"spec_version"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the STIX specification used to represent this object."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"'2.0' | '2.1'"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"created"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"any"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"modified"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The modified property represents the time that this particular version of the object was modified. 
The timstamp value MUST be precise to the nearest millisecond."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"any"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"created_by_ref"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The ID of the Source object that describes who created this object."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"any"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"labels"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The labels property specifies a set of terms used to describe this object."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"Array"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"revoked"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The revoked property indicates whether the object has been revoked."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"boolean"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"confidence"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"}}),(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.code,{children:"number"})," (",(0,l.jsx)(t.em,{children:"int, \u22651, \u226499"}),")"]})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"lang"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"Identifies the language of the text content in this 
object."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"string"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"external_references"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"A list of external references which refers to non-STIX information."}),(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.em,{children:"Array of at least 1 objects:"}),(0,l.jsx)("br",{}),(0,l.jsxs)("ul",{children:[(0,l.jsxs)("li",{children:[(0,l.jsx)(t.code,{children:"source_name"}),": ",(0,l.jsx)(t.code,{children:"string"})]}),(0,l.jsxs)("li",{children:[(0,l.jsx)(t.code,{children:"description"}),": ",(0,l.jsx)(t.code,{children:"string"})]}),(0,l.jsxs)("li",{children:[(0,l.jsx)(t.code,{children:"url"}),": ",(0,l.jsx)(t.code,{children:"string"})," (",(0,l.jsx)(t.em,{children:"url"}),")"]}),(0,l.jsxs)("li",{children:[(0,l.jsx)(t.code,{children:"external_id"}),": ",(0,l.jsx)(t.code,{children:"string"})]})]})]})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"object_marking_refs"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The list of marking-definition objects to be applied to this object."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"Array"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"granular_markings"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The set of granular markings that apply to this object."}),(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.em,{children:"Array of objects:"}),(0,l.jsx)("br",{}),(0,l.jsxs)("ul",{children:[(0,l.jsxs)("li",{children:[(0,l.jsx)(t.code,{children:"marking_ref"}),": ",(0,l.jsx)(t.code,{children:"any"})," - Represents identifiers across the CTI specifications. 
The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4."]}),(0,l.jsxs)("li",{children:[(0,l.jsx)(t.code,{children:"selectors"}),": ",(0,l.jsx)(t.code,{children:"Array"})]})]})]})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"extensions"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"Specifies any extensions of the object, as a dictionary."}),(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,l.jsx)(t.code,{children:"string"})," ",(0,l.jsx)(t.em,{children:"and values of type"})," ",(0,l.jsx)(t.em,{children:"Object with properties:"}),(0,l.jsxs)("ul",{children:[(0,l.jsxs)("li",{children:[(0,l.jsx)(t.code,{children:"extension_type"}),": ",(0,l.jsx)(t.code,{children:"string"})]}),(0,l.jsxs)("li",{children:[(0,l.jsx)(t.code,{children:"extension_properties"}),": ",(0,l.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,l.jsx)(t.code,{children:"string"})," ",(0,l.jsx)(t.em,{children:"and values of type"})," ",(0,l.jsx)(t.code,{children:"unknown"})," (",(0,l.jsx)(t.em,{children:"optional & nullable"}),")"]})]})," ",(0,l.jsx)(t.em,{children:"or"})," ",(0,l.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,l.jsx)(t.code,{children:"string"})," ",(0,l.jsx)(t.em,{children:"and values of type"})," ",(0,l.jsx)(t.code,{children:"unknown"})," (",(0,l.jsx)(t.em,{children:"optional & nullable"}),")"]})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"name"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The name of the object."}),(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.code,{children:"string"})," (",(0,l.jsx)(t.em,{children:"min length: 
1"}),")"]})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"x_mitre_attack_spec_version"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"string"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"x_mitre_version"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. 
This property does not apply to relationship objects."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"any"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"x_mitre_old_attack_id"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"Old ATT&CK IDs that may have been associated with this object"}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"string"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"x_mitre_deprecated"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"Indicates whether the object has been deprecated."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"boolean"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"description"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"A description of the object."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"string"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"x_mitre_platforms"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"List of platforms that apply to the object."}),(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.code,{children:"Array<'Field Controller/RTU/PLC/IED' | 'Network' | 'Data Historian' | 'Google Workspace' | 'Office 365' | 'Containers' | 'Azure AD' | 'Engineering Workstation' | 'Control Server' | 'Human-Machine Interface' | 'Windows' | 'Linux' | 'IaaS' | 'None' | 'iOS' | 'PRE' | 'SaaS' | 'Input/Output Server' | 'macOS' | 'Android' | ...>"})," (",(0,l.jsx)(t.em,{children:"min: 
1"}),")"]})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"x_mitre_contributors"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"}}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"Array"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"x_mitre_aliases"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"Alternative names used to identify this software. The first alias must match the object's name."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"Array"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"x_mitre_modified_by_ref"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. 
Previous versions of the object may have been created by other individuals or organizations."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"any"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"x_mitre_domains"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The technology domains to which the ATT&CK object belongs."}),(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.code,{children:"Array<'enterprise-attack' | 'mobile-attack' | 'ics-attack'>"})," (",(0,l.jsx)(t.em,{children:"min: 1"}),")"]})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"aliases"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"Alternative names used to identify this software."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"Array"})})]})]})]}),"\n",(0,l.jsx)(t.p,{children:(0,l.jsx)(t.em,{children:"(*) Required."})})]})}function x(e={}){const{wrapper:t}={...(0,n.R)(),...e.components};return t?(0,l.jsx)(t,{...e,children:(0,l.jsx)(h,{...e})}):h(e)}},8453:(e,t,s)=>{s.d(t,{R:()=>r,x:()=>d});var l=s(6540);const n={},i=l.createContext(n);function r(e){const t=l.useContext(i);return l.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function d(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(n):e.components||n:r(e.components),l.createElement(i.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/65ac31b8.31cc6ee5.js b/assets/js/65ac31b8.31cc6ee5.js deleted file mode 100644 index bf0863b..0000000 --- a/assets/js/65ac31b8.31cc6ee5.js +++ /dev/null 
@@ -1 +0,0 @@ -"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[250],{8340:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>i,contentTitle:()=>c,default:()=>m,frontMatter:()=>n,metadata:()=>r,toc:()=>d});var o=a(4848),s=a(8453);const n={},c="Software Schema",r={id:"sdo/software.schema",title:"Software Schema",description:"",source:"@site/docs/sdo/software.schema.md",sourceDirName:"sdo",slug:"/sdo/software.schema",permalink:"/attack-data-model/docs/sdo/software.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Mitigation Schema",permalink:"/attack-data-model/docs/sdo/mitigation.schema"},next:{title:"Tactic Schema",permalink:"/attack-data-model/docs/sdo/tactic.schema"}},i={},d=[];function u(e){const t={h1:"h1",header:"header",...(0,s.R)(),...e.components};return(0,o.jsx)(t.header,{children:(0,o.jsx)(t.h1,{id:"software-schema",children:"Software Schema"})})}function m(e={}){const{wrapper:t}={...(0,s.R)(),...e.components};return t?(0,o.jsx)(t,{...e,children:(0,o.jsx)(u,{...e})}):u(e)}},8453:(e,t,a)=>{a.d(t,{R:()=>c,x:()=>r});var o=a(6540);const s={},n=o.createContext(s);function c(e){const t=o.useContext(n);return o.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function r(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(s):e.components||s:c(e.components),o.createElement(n.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/77eecdb5.8967824d.js b/assets/js/77eecdb5.8967824d.js new file mode 100644 index 0000000..0c3a86e --- /dev/null +++ b/assets/js/77eecdb5.8967824d.js 
@@ -0,0 +1 @@ +"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[69],{9504:(e,t,s)=>{s.r(t),s.d(t,{assets:()=>c,contentTitle:()=>r,default:()=>x,frontMatter:()=>l,metadata:()=>d,toc:()=>o});var i=s(4848),n=s(8453);const l={},r="Group Schema",d={id:"sdo/group.schema",title:"Group Schema",description:"Group",source:"@site/docs/sdo/group.schema.md",sourceDirName:"sdo",slug:"/sdo/group.schema",permalink:"/attack-data-model/docs/sdo/group.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Data source Schema",permalink:"/attack-data-model/docs/sdo/data-source.schema"},next:{title:"Identity Schema",permalink:"/attack-data-model/docs/sdo/identity.schema"}},c={},o=[{value:"Group",id:"group",level:2}];function h(e){const t={code:"code",em:"em",h1:"h1",h2:"h2",header:"header",p:"p",strong:"strong",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",...(0,n.R)(),...e.components};return(0,i.jsxs)(i.Fragment,{children:[(0,i.jsx)(t.header,{children:(0,i.jsx)(t.h1,{id:"group-schema",children:"Group Schema"})}),"\n",(0,i.jsx)(t.h2,{id:"group",children:"Group"}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsx)(t.em,{children:"Object containing the following properties:"})}),"\n",(0,i.jsxs)(t.table,{children:[(0,i.jsx)(t.thead,{children:(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Property"}),(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Description"}),(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Type"})]})}),(0,i.jsxs)(t.tbody,{children:[(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"id"})})," 
(*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"}}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"type"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"}}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'intrusion-set'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"spec_version"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the STIX specification used to represent this object."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'2.0' | '2.1'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"created"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"modified"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The modified property represents the time that this particular version of the object was modified. 
The timstamp value MUST be precise to the nearest millisecond."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"created_by_ref"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"labels"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The labels property specifies a set of terms used to describe this object."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"Array"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"revoked"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The revoked property indicates whether the object has been revoked."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"boolean"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"confidence"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"}}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.code,{children:"number"})," (",(0,i.jsx)(t.em,{children:"int, \u22651, \u226499"}),")"]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"lang"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"Identifies the language of the text content in this 
object."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"string"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"external_references"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"A list of external references which refers to non-STIX information."}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.em,{children:"Array of at least 1 objects:"}),(0,i.jsx)("br",{}),(0,i.jsxs)("ul",{children:[(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"source_name"}),": ",(0,i.jsx)(t.code,{children:"string"})]}),(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"description"}),": ",(0,i.jsx)(t.code,{children:"string"})]}),(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"url"}),": ",(0,i.jsx)(t.code,{children:"string"})," (",(0,i.jsx)(t.em,{children:"url"}),")"]}),(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"external_id"}),": ",(0,i.jsx)(t.code,{children:"string"})]})]})]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"object_marking_refs"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The list of marking-definition objects to be applied to this object."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"Array"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"granular_markings"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The set of granular markings that apply to this object."}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.em,{children:"Array of objects:"}),(0,i.jsx)("br",{}),(0,i.jsxs)("ul",{children:[(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"marking_ref"}),": ",(0,i.jsx)(t.code,{children:"any"})," - Represents identifiers across the CTI specifications. 
The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4."]}),(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"selectors"}),": ",(0,i.jsx)(t.code,{children:"Array"})]})]})]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"extensions"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"Specifies any extensions of the object, as a dictionary."}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,i.jsx)(t.code,{children:"string"})," ",(0,i.jsx)(t.em,{children:"and values of type"})," ",(0,i.jsx)(t.em,{children:"Object with properties:"}),(0,i.jsxs)("ul",{children:[(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"extension_type"}),": ",(0,i.jsx)(t.code,{children:"string"})]}),(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"extension_properties"}),": ",(0,i.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,i.jsx)(t.code,{children:"string"})," ",(0,i.jsx)(t.em,{children:"and values of type"})," ",(0,i.jsx)(t.code,{children:"unknown"})," (",(0,i.jsx)(t.em,{children:"optional & nullable"}),")"]})]})," ",(0,i.jsx)(t.em,{children:"or"})," ",(0,i.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,i.jsx)(t.code,{children:"string"})," ",(0,i.jsx)(t.em,{children:"and values of type"})," ",(0,i.jsx)(t.code,{children:"unknown"})," (",(0,i.jsx)(t.em,{children:"optional & nullable"}),")"]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"name"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The name of the object."}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.code,{children:"string"})," (",(0,i.jsx)(t.em,{children:"min length: 
1"}),")"]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"x_mitre_attack_spec_version"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"string"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"x_mitre_version"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. 
This property does not apply to relationship objects."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"x_mitre_old_attack_id"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"Old ATT&CK IDs that may have been associated with this object"}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"string"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"x_mitre_deprecated"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"Indicates whether the object has been deprecated."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"boolean"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"description"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"A description that provides more details and context about the Intrusion Set, potentially including its purpose and its key characteristics."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"string"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"x_mitre_domains"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The technology domains to which the ATT&CK object belongs."}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.code,{children:"Array<'enterprise-attack' | 'mobile-attack' | 'ics-attack'>"})," (",(0,i.jsx)(t.em,{children:"min: 
1"}),")"]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"x_mitre_contributors"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"}}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"Array"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"x_mitre_modified_by_ref"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"aliases"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"Alternative names used to identify this group. 
The first alias must match the object's name."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"Array"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"first_seen"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The time that this Intrusion Set was first seen."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"last_seen"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The time that this Intrusion Set was last seen."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"goals"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The high-level goals of this Intrusion Set, namely, what are they trying to do."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"Array"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"resource_level"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"This property specifies the organizational level at which this Intrusion Set typically works, which in turn determines the resources available to this Intrusion Set for use in an attack."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'individual' | 'club' | 'contest' | 'team' | 'organization' | 'government'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"primary_motivation"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The primary reason, motivation, or purpose behind this Intrusion Set."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'accidental' | 'coercion' | 
'dominance' | 'ideology' | 'notoriety' | 'organizational-gain' | 'personal-gain' | 'personal-satisfaction' | 'revenge' | 'unpredictable'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"secondary_motivations"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The secondary reasons, motivations, or purposes behind this Intrusion Set."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"Array<'accidental' | 'coercion' | 'dominance' | 'ideology' | 'notoriety' | 'organizational-gain' | 'personal-gain' | 'personal-satisfaction' | 'revenge' | 'unpredictable'>"})})]})]})]}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsx)(t.em,{children:"(*) Required."})})]})}function x(e={}){const{wrapper:t}={...(0,n.R)(),...e.components};return t?(0,i.jsx)(t,{...e,children:(0,i.jsx)(h,{...e})}):h(e)}},8453:(e,t,s)=>{s.d(t,{R:()=>r,x:()=>d});var i=s(6540);const n={},l=i.createContext(n);function r(e){const t=i.useContext(l);return i.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function d(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(n):e.components||n:r(e.components),i.createElement(l.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/77eecdb5.ec3d595a.js b/assets/js/77eecdb5.ec3d595a.js deleted file mode 100644 index 692e2c0..0000000 --- a/assets/js/77eecdb5.ec3d595a.js +++ /dev/null 
@@ -1 +0,0 @@ -"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[69],{9504:(e,t,o)=>{o.r(t),o.d(t,{assets:()=>d,contentTitle:()=>r,default:()=>m,frontMatter:()=>a,metadata:()=>c,toc:()=>u});var n=o(4848),s=o(8453);const a={},r="Group Schema",c={id:"sdo/group.schema",title:"Group Schema",description:"",source:"@site/docs/sdo/group.schema.md",sourceDirName:"sdo",slug:"/sdo/group.schema",permalink:"/attack-data-model/docs/sdo/group.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Data source Schema",permalink:"/attack-data-model/docs/sdo/data-source.schema"},next:{title:"Identity Schema",permalink:"/attack-data-model/docs/sdo/identity.schema"}},d={},u=[];function i(e){const t={h1:"h1",header:"header",...(0,s.R)(),...e.components};return(0,n.jsx)(t.header,{children:(0,n.jsx)(t.h1,{id:"group-schema",children:"Group Schema"})})}function m(e={}){const{wrapper:t}={...(0,s.R)(),...e.components};return t?(0,n.jsx)(t,{...e,children:(0,n.jsx)(i,{...e})}):i(e)}},8453:(e,t,o)=>{o.d(t,{R:()=>r,x:()=>c});var n=o(6540);const s={},a=n.createContext(s);function r(e){const t=n.useContext(a);return n.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function c(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(s):e.components||s:r(e.components),n.createElement(a.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/7f1231b0.f4a5ab59.js b/assets/js/7f1231b0.f4a5ab59.js deleted file mode 100644 index 224cefd..0000000 --- a/assets/js/7f1231b0.f4a5ab59.js +++ /dev/null 
@@ -1 +0,0 @@ -"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[907],{4637:(e,t,s)=>{s.r(t),s.d(t,{assets:()=>d,contentTitle:()=>c,default:()=>m,frontMatter:()=>o,metadata:()=>r,toc:()=>i});var a=s(4848),n=s(8453);const o={},c="Asset Schema",r={id:"sdo/asset.schema",title:"Asset Schema",description:"",source:"@site/docs/sdo/asset.schema.md",sourceDirName:"sdo",slug:"/sdo/asset.schema",permalink:"/attack-data-model/docs/sdo/asset.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Overview",permalink:"/attack-data-model/docs/overview"},next:{title:"Campaign Schema",permalink:"/attack-data-model/docs/sdo/campaign.schema"}},d={},i=[];function u(e){const t={h1:"h1",header:"header",...(0,n.R)(),...e.components};return(0,a.jsx)(t.header,{children:(0,a.jsx)(t.h1,{id:"asset-schema",children:"Asset Schema"})})}function m(e={}){const{wrapper:t}={...(0,n.R)(),...e.components};return t?(0,a.jsx)(t,{...e,children:(0,a.jsx)(u,{...e})}):u(e)}},8453:(e,t,s)=>{s.d(t,{R:()=>c,x:()=>r});var a=s(6540);const n={},o=a.createContext(n);function c(e){const t=a.useContext(o);return a.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function r(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(n):e.components||n:c(e.components),a.createElement(o.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/7f1231b0.fe121793.js b/assets/js/7f1231b0.fe121793.js new file mode 100644 index 0000000..f41529f --- /dev/null +++ b/assets/js/7f1231b0.fe121793.js 
@@ -0,0 +1 @@ +"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[907],{4637:(e,t,s)=>{s.r(t),s.d(t,{assets:()=>c,contentTitle:()=>r,default:()=>x,frontMatter:()=>n,metadata:()=>d,toc:()=>o});var i=s(4848),l=s(8453);const n={},r="Asset Schema",d={id:"sdo/asset.schema",title:"Asset Schema",description:"Asset",source:"@site/docs/sdo/asset.schema.md",sourceDirName:"sdo",slug:"/sdo/asset.schema",permalink:"/attack-data-model/docs/sdo/asset.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Overview",permalink:"/attack-data-model/docs/overview"},next:{title:"Campaign Schema",permalink:"/attack-data-model/docs/sdo/campaign.schema"}},c={},o=[{value:"Asset",id:"asset",level:2},{value:"RelatedAsset",id:"relatedasset",level:2},{value:"RelatedAssets",id:"relatedassets",level:2},{value:"XMitreSectors",id:"xmitresectors",level:2}];function h(e){const t={a:"a",code:"code",em:"em",h1:"h1",h2:"h2",header:"header",p:"p",strong:"strong",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",...(0,l.R)(),...e.components};return(0,i.jsxs)(i.Fragment,{children:[(0,i.jsx)(t.header,{children:(0,i.jsx)(t.h1,{id:"asset-schema",children:"Asset Schema"})}),"\n",(0,i.jsx)(t.h2,{id:"asset",children:"Asset"}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsx)(t.em,{children:"Object containing the following properties:"})}),"\n",(0,i.jsxs)(t.table,{children:[(0,i.jsx)(t.thead,{children:(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Property"}),(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Description"}),(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Type"})]})}),(0,i.jsxs)(t.tbody,{children:[(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"id"})})," 
(*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"}}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"type"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"}}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'x-mitre-asset'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"spec_version"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the STIX specification used to represent this object."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'2.0' | '2.1'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"created"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"modified"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The modified property represents the time that this particular version of the object was modified. 
The timstamp value MUST be precise to the nearest millisecond."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"created_by_ref"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"labels"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The labels property specifies a set of terms used to describe this object."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"Array"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"revoked"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The revoked property indicates whether the object has been revoked."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"boolean"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"confidence"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"}}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.code,{children:"number"})," (",(0,i.jsx)(t.em,{children:"int, \u22651, \u226499"}),")"]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"lang"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"Identifies the language of the text content in this 
object."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"string"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"external_references"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"A list of external references which refers to non-STIX information."}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.em,{children:"Array of at least 1 objects:"}),(0,i.jsx)("br",{}),(0,i.jsxs)("ul",{children:[(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"source_name"}),": ",(0,i.jsx)(t.code,{children:"string"})]}),(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"description"}),": ",(0,i.jsx)(t.code,{children:"string"})]}),(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"url"}),": ",(0,i.jsx)(t.code,{children:"string"})," (",(0,i.jsx)(t.em,{children:"url"}),")"]}),(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"external_id"}),": ",(0,i.jsx)(t.code,{children:"string"})]})]})]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"object_marking_refs"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The list of marking-definition objects to be applied to this object."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"Array"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"granular_markings"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The set of granular markings that apply to this object."}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.em,{children:"Array of objects:"}),(0,i.jsx)("br",{}),(0,i.jsxs)("ul",{children:[(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"marking_ref"}),": ",(0,i.jsx)(t.code,{children:"any"})," - Represents identifiers across the CTI specifications. 
The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4."]}),(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"selectors"}),": ",(0,i.jsx)(t.code,{children:"Array"})]})]})]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"extensions"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"Specifies any extensions of the object, as a dictionary."}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,i.jsx)(t.code,{children:"string"})," ",(0,i.jsx)(t.em,{children:"and values of type"})," ",(0,i.jsx)(t.em,{children:"Object with properties:"}),(0,i.jsxs)("ul",{children:[(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"extension_type"}),": ",(0,i.jsx)(t.code,{children:"string"})]}),(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"extension_properties"}),": ",(0,i.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,i.jsx)(t.code,{children:"string"})," ",(0,i.jsx)(t.em,{children:"and values of type"})," ",(0,i.jsx)(t.code,{children:"unknown"})," (",(0,i.jsx)(t.em,{children:"optional & nullable"}),")"]})]})," ",(0,i.jsx)(t.em,{children:"or"})," ",(0,i.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,i.jsx)(t.code,{children:"string"})," ",(0,i.jsx)(t.em,{children:"and values of type"})," ",(0,i.jsx)(t.code,{children:"unknown"})," (",(0,i.jsx)(t.em,{children:"optional & nullable"}),")"]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"name"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The name of the object."}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.code,{children:"string"})," (",(0,i.jsx)(t.em,{children:"min length: 
1"}),")"]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"x_mitre_attack_spec_version"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"string"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"x_mitre_version"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. 
This property does not apply to relationship objects."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"x_mitre_old_attack_id"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"Old ATT&CK IDs that may have been associated with this object"}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"string"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"x_mitre_deprecated"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"Indicates whether the object has been deprecated."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"boolean"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"description"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"A description of the object."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"string"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"x_mitre_platforms"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"List of platforms that apply to the object."}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.code,{children:"Array<'Field Controller/RTU/PLC/IED' | 'Network' | 'Data Historian' | 'Google Workspace' | 'Office 365' | 'Containers' | 'Azure AD' | 'Engineering Workstation' | 'Control Server' | 'Human-Machine Interface' | 'Windows' | 'Linux' | 'IaaS' | 'None' | 'iOS' | 'PRE' | 'SaaS' | 'Input/Output Server' | 'macOS' | 'Android' | ...>"})," (",(0,i.jsx)(t.em,{children:"min: 1"}),")"]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"x_mitre_domains"})})," 
(*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The technology domains to which the ATT&CK object belongs."}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.code,{children:"Array<'enterprise-attack' | 'mobile-attack' | 'ics-attack'>"})," (",(0,i.jsx)(t.em,{children:"min: 1"}),")"]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"x_mitre_contributors"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"People and organizations who have contributed to the object. Not found on relationship objects."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"Array"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"x_mitre_sectors"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"List of industry sector(s) an asset may be commonly observed in."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.a,{href:"#xmitresectors",children:"XMitreSectors"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"x_mitre_related_assets"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"Related assets describe sector specific device names or alias that may be commonly associated with the primary asset page name or functional description. Related asset objects include a description of how the related asset is associated with the page definition."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.a,{href:"#relatedassets",children:"RelatedAssets"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"x_mitre_modified_by_ref"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. 
Previous versions of the object may have been created by other individuals or organizations."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]})]})]}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsx)(t.em,{children:"(*) Required."})}),"\n",(0,i.jsx)(t.h2,{id:"relatedasset",children:"RelatedAsset"}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsx)(t.em,{children:"Object containing the following properties:"})}),"\n",(0,i.jsxs)(t.table,{children:[(0,i.jsx)(t.thead,{children:(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Property"}),(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Description"}),(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Type"})]})}),(0,i.jsxs)(t.tbody,{children:[(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"name"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"}}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"string"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"related_asset_sectors"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"List of industry sector(s) an asset may be commonly observed in."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.a,{href:"#xmitresectors",children:"XMitreSectors"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"description"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"A description of the object."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"string"})})]})]})]}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsx)(t.em,{children:"(*) Required."})}),"\n",(0,i.jsx)(t.h2,{id:"relatedassets",children:"RelatedAssets"}),"\n",(0,i.jsx)(t.p,{children:"Related assets describe sector specific device names or alias that may be commonly associated with the primary 
asset page name or functional description. Related asset objects include a description of how the related asset is associated with the page definition."}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsxs)(t.em,{children:["Array of ",(0,i.jsx)(t.a,{href:"#relatedasset",children:"RelatedAsset"})," items."]})}),"\n",(0,i.jsx)(t.h2,{id:"xmitresectors",children:"XMitreSectors"}),"\n",(0,i.jsx)(t.p,{children:"List of industry sector(s) an asset may be commonly observed in."}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsxs)(t.em,{children:["Array of ",(0,i.jsx)(t.code,{children:"'Electric' | 'Water and Wastewater' | 'Manufacturing' | 'Rail' | 'Maritime' | 'General'"})," items."]})})]})}function x(e={}){const{wrapper:t}={...(0,l.R)(),...e.components};return t?(0,i.jsx)(t,{...e,children:(0,i.jsx)(h,{...e})}):h(e)}},8453:(e,t,s)=>{s.d(t,{R:()=>r,x:()=>d});var i=s(6540);const l={},n=i.createContext(l);function r(e){const t=i.useContext(n);return i.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function d(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(l):e.components||l:r(e.components),i.createElement(n.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/814f3328.05dd9d81.js b/assets/js/814f3328.789d8d13.js similarity index 85% rename from assets/js/814f3328.05dd9d81.js rename to assets/js/814f3328.789d8d13.js index 7cca478..9dee769 100644 --- a/assets/js/814f3328.05dd9d81.js +++ b/assets/js/814f3328.789d8d13.js 
@@ -1 +1 @@ -"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[472],{5513:e=>{e.exports=JSON.parse('{"title":"Recent posts","items":[{"title":"ATT&CK v16 - October 2024","permalink":"/attack-data-model/blog/known-issues","unlisted":false,"date":"2024-10-21T13:36:06.000Z"}]}')}}]); \ No newline at end of file +"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[472],{5513:e=>{e.exports=JSON.parse('{"title":"Recent posts","items":[{"title":"ATT&CK v16 - October 2024","permalink":"/attack-data-model/blog/known-issues","unlisted":false,"date":"2024-10-21T13:40:45.000Z"}]}')}}]); \ No newline at end of file diff --git a/assets/js/8de5005f.283ddf73.js b/assets/js/8de5005f.283ddf73.js deleted file mode 100644 index 0655951..0000000 --- a/assets/js/8de5005f.283ddf73.js +++ /dev/null 
@@ -1 +0,0 @@ -"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[628],{4777:(e,t,o)=>{o.r(t),o.d(t,{assets:()=>d,contentTitle:()=>c,default:()=>l,frontMatter:()=>a,metadata:()=>r,toc:()=>i});var n=o(4848),s=o(8453);const a={},c="Tool Schema",r={id:"sdo/tool.schema",title:"Tool Schema",description:"",source:"@site/docs/sdo/tool.schema.md",sourceDirName:"sdo",slug:"/sdo/tool.schema",permalink:"/attack-data-model/docs/sdo/tool.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Technique Schema",permalink:"/attack-data-model/docs/sdo/technique.schema"},next:{title:"Relationship Schema",permalink:"/attack-data-model/docs/sro/relationship.schema"}},d={},i=[];function u(e){const t={h1:"h1",header:"header",...(0,s.R)(),...e.components};return(0,n.jsx)(t.header,{children:(0,n.jsx)(t.h1,{id:"tool-schema",children:"Tool Schema"})})}function l(e={}){const{wrapper:t}={...(0,s.R)(),...e.components};return t?(0,n.jsx)(t,{...e,children:(0,n.jsx)(u,{...e})}):u(e)}},8453:(e,t,o)=>{o.d(t,{R:()=>c,x:()=>r});var n=o(6540);const s={},a=n.createContext(s);function c(e){const t=n.useContext(a);return n.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function r(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(s):e.components||s:c(e.components),n.createElement(a.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/8de5005f.8567666d.js b/assets/js/8de5005f.8567666d.js new file mode 100644 index 0000000..6483b9e --- /dev/null +++ b/assets/js/8de5005f.8567666d.js 
@@ -0,0 +1 @@ +"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[628],{4777:(e,t,s)=>{s.r(t),s.d(t,{assets:()=>c,contentTitle:()=>r,default:()=>x,frontMatter:()=>n,metadata:()=>d,toc:()=>o});var l=s(4848),i=s(8453);const n={},r="Tool Schema",d={id:"sdo/tool.schema",title:"Tool Schema",description:"Tool",source:"@site/docs/sdo/tool.schema.md",sourceDirName:"sdo",slug:"/sdo/tool.schema",permalink:"/attack-data-model/docs/sdo/tool.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Technique Schema",permalink:"/attack-data-model/docs/sdo/technique.schema"},next:{title:"Relationship Schema",permalink:"/attack-data-model/docs/sro/relationship.schema"}},c={},o=[{value:"Tool",id:"tool",level:2}];function h(e){const t={code:"code",em:"em",h1:"h1",h2:"h2",header:"header",p:"p",strong:"strong",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",...(0,i.R)(),...e.components};return(0,l.jsxs)(l.Fragment,{children:[(0,l.jsx)(t.header,{children:(0,l.jsx)(t.h1,{id:"tool-schema",children:"Tool Schema"})}),"\n",(0,l.jsx)(t.h2,{id:"tool",children:"Tool"}),"\n",(0,l.jsx)(t.p,{children:(0,l.jsx)(t.em,{children:"Object containing the following properties:"})}),"\n",(0,l.jsxs)(t.table,{children:[(0,l.jsx)(t.thead,{children:(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.th,{style:{textAlign:"left"},children:"Property"}),(0,l.jsx)(t.th,{style:{textAlign:"left"},children:"Description"}),(0,l.jsx)(t.th,{style:{textAlign:"left"},children:"Type"})]})}),(0,l.jsxs)(t.tbody,{children:[(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"id"})})," 
(*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"}}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"any"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"type"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"}}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"'tool'"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"spec_version"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the STIX specification used to represent this object."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"'2.0' | '2.1'"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"created"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"any"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"modified"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The modified property represents the time that this particular version of the object was modified. 
The timstamp value MUST be precise to the nearest millisecond."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"any"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"created_by_ref"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The ID of the Source object that describes who created this object."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"any"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"labels"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The labels property specifies a set of terms used to describe this object."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"Array"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"revoked"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The revoked property indicates whether the object has been revoked."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"boolean"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"confidence"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"}}),(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.code,{children:"number"})," (",(0,l.jsx)(t.em,{children:"int, \u22651, \u226499"}),")"]})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"lang"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"Identifies the language of the text content in this 
object."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"string"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"external_references"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"A list of external references which refers to non-STIX information."}),(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.em,{children:"Array of at least 1 objects:"}),(0,l.jsx)("br",{}),(0,l.jsxs)("ul",{children:[(0,l.jsxs)("li",{children:[(0,l.jsx)(t.code,{children:"source_name"}),": ",(0,l.jsx)(t.code,{children:"string"})]}),(0,l.jsxs)("li",{children:[(0,l.jsx)(t.code,{children:"description"}),": ",(0,l.jsx)(t.code,{children:"string"})]}),(0,l.jsxs)("li",{children:[(0,l.jsx)(t.code,{children:"url"}),": ",(0,l.jsx)(t.code,{children:"string"})," (",(0,l.jsx)(t.em,{children:"url"}),")"]}),(0,l.jsxs)("li",{children:[(0,l.jsx)(t.code,{children:"external_id"}),": ",(0,l.jsx)(t.code,{children:"string"})]})]})]})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"object_marking_refs"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The list of marking-definition objects to be applied to this object."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"Array"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"granular_markings"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The set of granular markings that apply to this object."}),(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.em,{children:"Array of objects:"}),(0,l.jsx)("br",{}),(0,l.jsxs)("ul",{children:[(0,l.jsxs)("li",{children:[(0,l.jsx)(t.code,{children:"marking_ref"}),": ",(0,l.jsx)(t.code,{children:"any"})," - Represents identifiers across the CTI specifications. 
The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4."]}),(0,l.jsxs)("li",{children:[(0,l.jsx)(t.code,{children:"selectors"}),": ",(0,l.jsx)(t.code,{children:"Array"})]})]})]})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"extensions"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"Specifies any extensions of the object, as a dictionary."}),(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,l.jsx)(t.code,{children:"string"})," ",(0,l.jsx)(t.em,{children:"and values of type"})," ",(0,l.jsx)(t.em,{children:"Object with properties:"}),(0,l.jsxs)("ul",{children:[(0,l.jsxs)("li",{children:[(0,l.jsx)(t.code,{children:"extension_type"}),": ",(0,l.jsx)(t.code,{children:"string"})]}),(0,l.jsxs)("li",{children:[(0,l.jsx)(t.code,{children:"extension_properties"}),": ",(0,l.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,l.jsx)(t.code,{children:"string"})," ",(0,l.jsx)(t.em,{children:"and values of type"})," ",(0,l.jsx)(t.code,{children:"unknown"})," (",(0,l.jsx)(t.em,{children:"optional & nullable"}),")"]})]})," ",(0,l.jsx)(t.em,{children:"or"})," ",(0,l.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,l.jsx)(t.code,{children:"string"})," ",(0,l.jsx)(t.em,{children:"and values of type"})," ",(0,l.jsx)(t.code,{children:"unknown"})," (",(0,l.jsx)(t.em,{children:"optional & nullable"}),")"]})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"name"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The name of the object."}),(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.code,{children:"string"})," (",(0,l.jsx)(t.em,{children:"min length: 
1"}),")"]})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"x_mitre_attack_spec_version"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"string"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"x_mitre_version"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. 
This property does not apply to relationship objects."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"any"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"x_mitre_old_attack_id"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"Old ATT&CK IDs that may have been associated with this object"}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"string"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"x_mitre_deprecated"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"Indicates whether the object has been deprecated."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"boolean"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"description"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"A description of the object."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"string"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"x_mitre_platforms"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"List of platforms that apply to the object."}),(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.code,{children:"Array<'Field Controller/RTU/PLC/IED' | 'Network' | 'Data Historian' | 'Google Workspace' | 'Office 365' | 'Containers' | 'Azure AD' | 'Engineering Workstation' | 'Control Server' | 'Human-Machine Interface' | 'Windows' | 'Linux' | 'IaaS' | 'None' | 'iOS' | 'PRE' | 'SaaS' | 'Input/Output Server' | 'macOS' | 'Android' | ...>"})," (",(0,l.jsx)(t.em,{children:"min: 
1"}),")"]})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"x_mitre_contributors"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"}}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"Array"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"x_mitre_aliases"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"Alternative names used to identify this software. The first alias must match the object's name."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"Array"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"x_mitre_modified_by_ref"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. 
Previous versions of the object may have been created by other individuals or organizations."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"any"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.strong,{children:(0,l.jsx)(t.code,{children:"x_mitre_domains"})})," (*)"]}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The technology domains to which the ATT&CK object belongs."}),(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.code,{children:"Array<'enterprise-attack' | 'mobile-attack' | 'ics-attack'>"})," (",(0,l.jsx)(t.em,{children:"min: 1"}),")"]})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"aliases"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"Alternative names used to identify this software."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"Array"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"tool_types"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The kind(s) of tool(s) being described."}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"Array<'denial-of-service' | 'exploitation' | 'information-gathering' | 'network-capture' | 'credential-exploitation' | 'remote-access' | 'vulnerability-scanning' | 'unknown'>"})})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"kill_chain_phases"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The list of kill chain phases for which this Tool can be used."}),(0,l.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,l.jsx)(t.em,{children:"Array of objects:"}),(0,l.jsx)("br",{}),(0,l.jsxs)("ul",{children:[(0,l.jsxs)("li",{children:[(0,l.jsx)(t.code,{children:"phase_name"}),": 
",(0,l.jsx)(t.code,{children:"string"})]}),(0,l.jsxs)("li",{children:[(0,l.jsx)(t.code,{children:"kill_chain_name"}),": ",(0,l.jsx)(t.code,{children:"'mitre-attack' | 'mitre-mobile-attack' | 'mitre-ics-attack'"})]})]})]})]}),(0,l.jsxs)(t.tr,{children:[(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"tool_version"})}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:"The version identifier associated with the Tool"}),(0,l.jsx)(t.td,{style:{textAlign:"left"},children:(0,l.jsx)(t.code,{children:"string"})})]})]})]}),"\n",(0,l.jsx)(t.p,{children:(0,l.jsx)(t.em,{children:"(*) Required."})})]})}function x(e={}){const{wrapper:t}={...(0,i.R)(),...e.components};return t?(0,l.jsx)(t,{...e,children:(0,l.jsx)(h,{...e})}):h(e)}},8453:(e,t,s)=>{s.d(t,{R:()=>r,x:()=>d});var l=s(6540);const i={},n=l.createContext(i);function r(e){const t=l.useContext(n);return l.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function d(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(i):e.components||i:r(e.components),l.createElement(n.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/b60462fd.c0563616.js b/assets/js/b60462fd.c0563616.js new file mode 100644 index 0000000..b9d526b --- /dev/null +++ b/assets/js/b60462fd.c0563616.js 
@@ -0,0 +1 @@ +"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[641],{8848:(e,t,s)=>{s.r(t),s.d(t,{assets:()=>c,contentTitle:()=>r,default:()=>x,frontMatter:()=>l,metadata:()=>d,toc:()=>h});var i=s(4848),n=s(8453);const l={},r="Matrix Schema",d={id:"sdo/matrix.schema",title:"Matrix Schema",description:"Matrix",source:"@site/docs/sdo/matrix.schema.md",sourceDirName:"sdo",slug:"/sdo/matrix.schema",permalink:"/attack-data-model/docs/sdo/matrix.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Malware Schema",permalink:"/attack-data-model/docs/sdo/malware.schema"},next:{title:"Mitigation Schema",permalink:"/attack-data-model/docs/sdo/mitigation.schema"}},c={},h=[{value:"Matrix",id:"matrix",level:2},{value:"XMitreTacticRefs",id:"xmitretacticrefs",level:2}];function o(e){const t={a:"a",code:"code",em:"em",h1:"h1",h2:"h2",header:"header",p:"p",strong:"strong",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",...(0,n.R)(),...e.components};return(0,i.jsxs)(i.Fragment,{children:[(0,i.jsx)(t.header,{children:(0,i.jsx)(t.h1,{id:"matrix-schema",children:"Matrix Schema"})}),"\n",(0,i.jsx)(t.h2,{id:"matrix",children:"Matrix"}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsx)(t.em,{children:"Object containing the following properties:"})}),"\n",(0,i.jsxs)(t.table,{children:[(0,i.jsx)(t.thead,{children:(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Property"}),(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Description"}),(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Type"})]})}),(0,i.jsxs)(t.tbody,{children:[(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"id"})})," 
(*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"}}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"type"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"}}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'x-mitre-matrix'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"spec_version"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the STIX specification used to represent this object."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'2.0' | '2.1'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"created"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"modified"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The modified property represents the time that this particular version of the object was modified. 
The timstamp value MUST be precise to the nearest millisecond."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"created_by_ref"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"labels"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The labels property specifies a set of terms used to describe this object."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"Array"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"revoked"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The revoked property indicates whether the object has been revoked."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"boolean"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"confidence"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"}}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.code,{children:"number"})," (",(0,i.jsx)(t.em,{children:"int, \u22651, \u226499"}),")"]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"lang"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"Identifies the language of the text content in this 
object."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"string"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"external_references"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"A list of external references which refers to non-STIX information."}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.em,{children:"Array of at least 1 objects:"}),(0,i.jsx)("br",{}),(0,i.jsxs)("ul",{children:[(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"source_name"}),": ",(0,i.jsx)(t.code,{children:"string"})]}),(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"description"}),": ",(0,i.jsx)(t.code,{children:"string"})]}),(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"url"}),": ",(0,i.jsx)(t.code,{children:"string"})," (",(0,i.jsx)(t.em,{children:"url"}),")"]}),(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"external_id"}),": ",(0,i.jsx)(t.code,{children:"string"})]})]})]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"object_marking_refs"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The list of marking-definition objects to be applied to this object."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"Array"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"granular_markings"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The set of granular markings that apply to this object."}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.em,{children:"Array of objects:"}),(0,i.jsx)("br",{}),(0,i.jsxs)("ul",{children:[(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"marking_ref"}),": ",(0,i.jsx)(t.code,{children:"any"})," - Represents identifiers across the CTI specifications. 
The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4."]}),(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"selectors"}),": ",(0,i.jsx)(t.code,{children:"Array"})]})]})]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"extensions"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"Specifies any extensions of the object, as a dictionary."}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,i.jsx)(t.code,{children:"string"})," ",(0,i.jsx)(t.em,{children:"and values of type"})," ",(0,i.jsx)(t.em,{children:"Object with properties:"}),(0,i.jsxs)("ul",{children:[(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"extension_type"}),": ",(0,i.jsx)(t.code,{children:"string"})]}),(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"extension_properties"}),": ",(0,i.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,i.jsx)(t.code,{children:"string"})," ",(0,i.jsx)(t.em,{children:"and values of type"})," ",(0,i.jsx)(t.code,{children:"unknown"})," (",(0,i.jsx)(t.em,{children:"optional & nullable"}),")"]})]})," ",(0,i.jsx)(t.em,{children:"or"})," ",(0,i.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,i.jsx)(t.code,{children:"string"})," ",(0,i.jsx)(t.em,{children:"and values of type"})," ",(0,i.jsx)(t.code,{children:"unknown"})," (",(0,i.jsx)(t.em,{children:"optional & nullable"}),")"]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"name"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The name of the object."}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.code,{children:"string"})," (",(0,i.jsx)(t.em,{children:"min length: 
1"}),")"]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"x_mitre_attack_spec_version"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"string"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"x_mitre_version"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. 
This property does not apply to relationship objects."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"x_mitre_old_attack_id"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"Old ATT&CK IDs that may have been associated with this object"}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"string"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"x_mitre_deprecated"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"Indicates whether the object has been deprecated."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"boolean"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"description"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"A description of the object."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"string"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"x_mitre_domains"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The technology domains to which the ATT&CK object belongs."}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.code,{children:"Array<'enterprise-attack' | 'mobile-attack' | 'ics-attack'>"})," (",(0,i.jsx)(t.em,{children:"min: 1"}),")"]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"x_mitre_modified_by_ref"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. 
Previous versions of the object may have been created by other individuals or organizations."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"tactic_refs"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"An ordered list of x-mitre-tactic STIX IDs corresponding to the tactics of the matrix. The order determines the appearance within the matrix."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.a,{href:"#xmitretacticrefs",children:"XMitreTacticRefs"})})]})]})]}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsx)(t.em,{children:"(*) Required."})}),"\n",(0,i.jsx)(t.h2,{id:"xmitretacticrefs",children:"XMitreTacticRefs"}),"\n",(0,i.jsx)(t.p,{children:"An ordered list of x-mitre-tactic STIX IDs corresponding to the tactics of the matrix. The order determines the appearance within the matrix."}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsxs)(t.em,{children:["Array of ",(0,i.jsx)(t.code,{children:"any"})," items."]})})]})}function x(e={}){const{wrapper:t}={...(0,n.R)(),...e.components};return t?(0,i.jsx)(t,{...e,children:(0,i.jsx)(o,{...e})}):o(e)}},8453:(e,t,s)=>{s.d(t,{R:()=>r,x:()=>d});var i=s(6540);const n={},l=i.createContext(n);function r(e){const t=i.useContext(l);return i.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function d(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(n):e.components||n:r(e.components),i.createElement(l.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/b60462fd.c1926a5e.js b/assets/js/b60462fd.c1926a5e.js deleted file mode 100644 index 0a86576..0000000 --- a/assets/js/b60462fd.c1926a5e.js +++ /dev/null 
@@ -1 +0,0 @@ -"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[641],{8848:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>i,contentTitle:()=>s,default:()=>u,frontMatter:()=>r,metadata:()=>c,toc:()=>d});var n=a(4848),o=a(8453);const r={},s="Matrix Schema",c={id:"sdo/matrix.schema",title:"Matrix Schema",description:"",source:"@site/docs/sdo/matrix.schema.md",sourceDirName:"sdo",slug:"/sdo/matrix.schema",permalink:"/attack-data-model/docs/sdo/matrix.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Malware Schema",permalink:"/attack-data-model/docs/sdo/malware.schema"},next:{title:"Mitigation Schema",permalink:"/attack-data-model/docs/sdo/mitigation.schema"}},i={},d=[];function m(e){const t={h1:"h1",header:"header",...(0,o.R)(),...e.components};return(0,n.jsx)(t.header,{children:(0,n.jsx)(t.h1,{id:"matrix-schema",children:"Matrix Schema"})})}function u(e={}){const{wrapper:t}={...(0,o.R)(),...e.components};return t?(0,n.jsx)(t,{...e,children:(0,n.jsx)(m,{...e})}):m(e)}},8453:(e,t,a)=>{a.d(t,{R:()=>s,x:()=>c});var n=a(6540);const o={},r=n.createContext(o);function s(e){const t=n.useContext(r);return n.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function c(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(o):e.components||o:s(e.components),n.createElement(r.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/bf2461d0.84b49ee0.js b/assets/js/bf2461d0.84b49ee0.js new file mode 100644 index 0000000..6c880d7 --- /dev/null +++ b/assets/js/bf2461d0.84b49ee0.js 
@@ -0,0 +1 @@ +"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[702],{4167:(e,t,i)=>{i.r(t),i.d(t,{assets:()=>d,contentTitle:()=>c,default:()=>x,frontMatter:()=>l,metadata:()=>r,toc:()=>h});var s=i(4848),n=i(8453);const l={},c="Tactic Schema",r={id:"sdo/tactic.schema",title:"Tactic Schema",description:"Tactic",source:"@site/docs/sdo/tactic.schema.md",sourceDirName:"sdo",slug:"/sdo/tactic.schema",permalink:"/attack-data-model/docs/sdo/tactic.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Software Schema",permalink:"/attack-data-model/docs/sdo/software.schema"},next:{title:"Technique Schema",permalink:"/attack-data-model/docs/sdo/technique.schema"}},d={},h=[{value:"Tactic",id:"tactic",level:2},{value:"XMitreShortName",id:"xmitreshortname",level:2}];function o(e){const t={a:"a",code:"code",em:"em",h1:"h1",h2:"h2",header:"header",li:"li",p:"p",strong:"strong",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",ul:"ul",...(0,n.R)(),...e.components},{Details:i}=t;return i||function(e,t){throw new Error("Expected "+(t?"component":"object")+" `"+e+"` to be defined: you likely forgot to import, pass, or provide it.")}("Details",!0),(0,s.jsxs)(s.Fragment,{children:[(0,s.jsx)(t.header,{children:(0,s.jsx)(t.h1,{id:"tactic-schema",children:"Tactic Schema"})}),"\n",(0,s.jsx)(t.h2,{id:"tactic",children:"Tactic"}),"\n",(0,s.jsx)(t.p,{children:(0,s.jsx)(t.em,{children:"Object containing the following properties:"})}),"\n",(0,s.jsxs)(t.table,{children:[(0,s.jsx)(t.thead,{children:(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.th,{style:{textAlign:"left"},children:"Property"}),(0,s.jsx)(t.th,{style:{textAlign:"left"},children:"Description"}),(0,s.jsx)(t.th,{style:{textAlign:"left"},children:"Type"})]})}),(0,s.jsxs)(t.tbody,{children:[(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"id"})})," 
(*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"}}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"any"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"type"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"}}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"'x-mitre-tactic'"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"spec_version"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the STIX specification used to represent this object."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"'2.0' | '2.1'"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"created"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"any"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"modified"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The modified property represents the time that this particular version of the object was modified. 
The timstamp value MUST be precise to the nearest millisecond."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"any"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"created_by_ref"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"any"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"labels"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The labels property specifies a set of terms used to describe this object."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"Array"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"revoked"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The revoked property indicates whether the object has been revoked."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"boolean"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"confidence"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"}}),(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.code,{children:"number"})," (",(0,s.jsx)(t.em,{children:"int, \u22651, \u226499"}),")"]})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"lang"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"Identifies the language of the text content in this 
object."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"string"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"external_references"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"A list of external references which refers to non-STIX information."}),(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.em,{children:"Array of at least 1 objects:"}),(0,s.jsx)("br",{}),(0,s.jsxs)("ul",{children:[(0,s.jsxs)("li",{children:[(0,s.jsx)(t.code,{children:"source_name"}),": ",(0,s.jsx)(t.code,{children:"string"})]}),(0,s.jsxs)("li",{children:[(0,s.jsx)(t.code,{children:"description"}),": ",(0,s.jsx)(t.code,{children:"string"})]}),(0,s.jsxs)("li",{children:[(0,s.jsx)(t.code,{children:"url"}),": ",(0,s.jsx)(t.code,{children:"string"})," (",(0,s.jsx)(t.em,{children:"url"}),")"]}),(0,s.jsxs)("li",{children:[(0,s.jsx)(t.code,{children:"external_id"}),": ",(0,s.jsx)(t.code,{children:"string"})]})]})]})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"object_marking_refs"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The list of marking-definition objects to be applied to this object."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"Array"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"granular_markings"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The set of granular markings that apply to this object."}),(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.em,{children:"Array of objects:"}),(0,s.jsx)("br",{}),(0,s.jsxs)("ul",{children:[(0,s.jsxs)("li",{children:[(0,s.jsx)(t.code,{children:"marking_ref"}),": ",(0,s.jsx)(t.code,{children:"any"})," - Represents identifiers across the CTI specifications. 
The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4."]}),(0,s.jsxs)("li",{children:[(0,s.jsx)(t.code,{children:"selectors"}),": ",(0,s.jsx)(t.code,{children:"Array"})]})]})]})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"extensions"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"Specifies any extensions of the object, as a dictionary."}),(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,s.jsx)(t.code,{children:"string"})," ",(0,s.jsx)(t.em,{children:"and values of type"})," ",(0,s.jsx)(t.em,{children:"Object with properties:"}),(0,s.jsxs)("ul",{children:[(0,s.jsxs)("li",{children:[(0,s.jsx)(t.code,{children:"extension_type"}),": ",(0,s.jsx)(t.code,{children:"string"})]}),(0,s.jsxs)("li",{children:[(0,s.jsx)(t.code,{children:"extension_properties"}),": ",(0,s.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,s.jsx)(t.code,{children:"string"})," ",(0,s.jsx)(t.em,{children:"and values of type"})," ",(0,s.jsx)(t.code,{children:"unknown"})," (",(0,s.jsx)(t.em,{children:"optional & nullable"}),")"]})]})," ",(0,s.jsx)(t.em,{children:"or"})," ",(0,s.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,s.jsx)(t.code,{children:"string"})," ",(0,s.jsx)(t.em,{children:"and values of type"})," ",(0,s.jsx)(t.code,{children:"unknown"})," (",(0,s.jsx)(t.em,{children:"optional & nullable"}),")"]})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"name"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The name of the object."}),(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.code,{children:"string"})," (",(0,s.jsx)(t.em,{children:"min length: 
1"}),")"]})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"x_mitre_attack_spec_version"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"string"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"x_mitre_version"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. 
This property does not apply to relationship objects."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"any"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"x_mitre_old_attack_id"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"Old ATT&CK IDs that may have been associated with this object"}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"string"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"x_mitre_deprecated"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"Indicates whether the object has been deprecated."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"boolean"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"description"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"A description of the object."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"string"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"x_mitre_domains"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The technology domains to which the ATT&CK object belongs."}),(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.code,{children:"Array<'enterprise-attack' | 'mobile-attack' | 'ics-attack'>"})," (",(0,s.jsx)(t.em,{children:"min: 1"}),")"]})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"x_mitre_shortname"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The x_mitre_shortname of the tactic is used for mapping techniques into the tactic. 
It corresponds to kill_chain_phases.phase_name of the techniques in the tactic."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.a,{href:"#xmitreshortname",children:"XMitreShortName"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"x_mitre_modified_by_ref"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"any"})})]})]})]}),"\n",(0,s.jsx)(t.p,{children:(0,s.jsx)(t.em,{children:"(*) Required."})}),"\n",(0,s.jsx)(t.h2,{id:"xmitreshortname",children:"XMitreShortName"}),"\n",(0,s.jsx)(t.p,{children:"The x_mitre_shortname of the tactic is used for mapping techniques into the tactic. 
It corresponds to kill_chain_phases.phase_name of the techniques in the tactic."}),"\n",(0,s.jsx)(t.p,{children:(0,s.jsx)(t.em,{children:"Enum string, one of the following possible values:"})}),"\n",(0,s.jsxs)(i,{children:[(0,s.jsx)("summary",{children:(0,s.jsx)("i",{children:"Expand for full list of 40 values"})}),(0,s.jsxs)(t.ul,{children:["\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'credential-access'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'execution'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'impact'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'persistence'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'privilege-escalation'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'lateral-movement'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'defense-evasion'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'exfiltration'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'discovery'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'collection'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'resource-development'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'reconnaissance'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'command-and-control'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'initial-access'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'inhibit-response-function'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'privilege-escalation'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'lateral-movement'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'discovery'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'initial-access'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'impact'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{childr
en:"'persistence'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'execution'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'command-and-control'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'collection'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'evasion'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'impair-process-control'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'initial-access'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'exfiltration'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'persistence'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'privilege-escalation'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'command-and-control'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'execution'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'impact'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'credential-access'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'collection'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'lateral-movement'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'defense-evasion'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'network-effects'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'discovery'"})}),"\n",(0,s.jsx)(t.li,{children:(0,s.jsx)(t.code,{children:"'remote-service-effects'"})}),"\n"]})]})]})}function x(e={}){const{wrapper:t}={...(0,n.R)(),...e.components};return t?(0,s.jsx)(t,{...e,children:(0,s.jsx)(o,{...e})}):o(e)}},8453:(e,t,i)=>{i.d(t,{R:()=>c,x:()=>r});var s=i(6540);const n={},l=s.createContext(n);function c(e){const t=s.useContext(l);return s.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function r(e){let t;return t=e.disableParentContext?"function"==typeof 
e.components?e.components(n):e.components||n:c(e.components),s.createElement(l.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/bf2461d0.d9b64d00.js b/assets/js/bf2461d0.d9b64d00.js deleted file mode 100644 index 17f269a..0000000 --- a/assets/js/bf2461d0.d9b64d00.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[702],{4167:(e,t,c)=>{c.r(t),c.d(t,{assets:()=>i,contentTitle:()=>s,default:()=>m,frontMatter:()=>o,metadata:()=>r,toc:()=>d});var a=c(4848),n=c(8453);const o={},s="Tactic Schema",r={id:"sdo/tactic.schema",title:"Tactic Schema",description:"",source:"@site/docs/sdo/tactic.schema.md",sourceDirName:"sdo",slug:"/sdo/tactic.schema",permalink:"/attack-data-model/docs/sdo/tactic.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Software Schema",permalink:"/attack-data-model/docs/sdo/software.schema"},next:{title:"Technique Schema",permalink:"/attack-data-model/docs/sdo/technique.schema"}},i={},d=[];function u(e){const t={h1:"h1",header:"header",...(0,n.R)(),...e.components};return(0,a.jsx)(t.header,{children:(0,a.jsx)(t.h1,{id:"tactic-schema",children:"Tactic Schema"})})}function m(e={}){const{wrapper:t}={...(0,n.R)(),...e.components};return t?(0,a.jsx)(t,{...e,children:(0,a.jsx)(u,{...e})}):u(e)}},8453:(e,t,c)=>{c.d(t,{R:()=>s,x:()=>r});var a=c(6540);const n={},o=a.createContext(n);function s(e){const t=a.useContext(o);return a.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function r(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(n):e.components||n:s(e.components),a.createElement(o.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/cbeda633.9208e3aa.js b/assets/js/cbeda633.9208e3aa.js deleted file mode 100644 index aaaf2b5..0000000 --- a/assets/js/cbeda633.9208e3aa.js +++ /dev/null 
@@ -1 +0,0 @@ -"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[216],{6051:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>r,default:()=>h,frontMatter:()=>a,metadata:()=>i,toc:()=>d});var o=n(4848),s=n(8453);const a={},r="Relationship Schema",i={id:"sro/relationship.schema",title:"Relationship Schema",description:"",source:"@site/docs/sro/relationship.schema.md",sourceDirName:"sro",slug:"/sro/relationship.schema",permalink:"/attack-data-model/docs/sro/relationship.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Tool Schema",permalink:"/attack-data-model/docs/sdo/tool.schema"},next:{title:"Marking definition Schema",permalink:"/attack-data-model/docs/smo/marking-definition.schema"}},c={},d=[];function l(e){const t={h1:"h1",header:"header",...(0,s.R)(),...e.components};return(0,o.jsx)(t.header,{children:(0,o.jsx)(t.h1,{id:"relationship-schema",children:"Relationship Schema"})})}function h(e={}){const{wrapper:t}={...(0,s.R)(),...e.components};return t?(0,o.jsx)(t,{...e,children:(0,o.jsx)(l,{...e})}):l(e)}},8453:(e,t,n)=>{n.d(t,{R:()=>r,x:()=>i});var o=n(6540);const s={},a=o.createContext(s);function r(e){const t=o.useContext(a);return o.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function i(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(s):e.components||s:r(e.components),o.createElement(a.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/cbeda633.e2ce3ac3.js b/assets/js/cbeda633.e2ce3ac3.js new file mode 100644 index 0000000..b1a9c7b --- /dev/null +++ b/assets/js/cbeda633.e2ce3ac3.js 
@@ -0,0 +1 @@ +"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[216],{6051:(e,t,s)=>{s.r(t),s.d(t,{assets:()=>c,contentTitle:()=>r,default:()=>x,frontMatter:()=>l,metadata:()=>d,toc:()=>h});var i=s(4848),n=s(8453);const l={},r="Relationship Schema",d={id:"sro/relationship.schema",title:"Relationship Schema",description:"Relationship",source:"@site/docs/sro/relationship.schema.md",sourceDirName:"sro",slug:"/sro/relationship.schema",permalink:"/attack-data-model/docs/sro/relationship.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Tool Schema",permalink:"/attack-data-model/docs/sdo/tool.schema"},next:{title:"Marking definition Schema",permalink:"/attack-data-model/docs/smo/marking-definition.schema"}},c={},h=[{value:"Relationship",id:"relationship",level:2},{value:"RelationshipType",id:"relationshiptype",level:2}];function o(e){const t={a:"a",code:"code",em:"em",h1:"h1",h2:"h2",header:"header",li:"li",p:"p",strong:"strong",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",ul:"ul",...(0,n.R)(),...e.components};return(0,i.jsxs)(i.Fragment,{children:[(0,i.jsx)(t.header,{children:(0,i.jsx)(t.h1,{id:"relationship-schema",children:"Relationship Schema"})}),"\n",(0,i.jsx)(t.h2,{id:"relationship",children:"Relationship"}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsx)(t.em,{children:"Object containing the following properties:"})}),"\n",(0,i.jsxs)(t.table,{children:[(0,i.jsx)(t.thead,{children:(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Property"}),(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Description"}),(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Type"})]})}),(0,i.jsxs)(t.tbody,{children:[(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"id"})})," 
(*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"}}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"type"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"}}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'relationship'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"spec_version"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the STIX specification used to represent this object."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'2.0' | '2.1'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"created"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"modified"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The modified property represents the time that this particular version of the object was modified. 
The timstamp value MUST be precise to the nearest millisecond."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"created_by_ref"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"labels"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The labels property specifies a set of terms used to describe this object."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"Array"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"revoked"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The revoked property indicates whether the object has been revoked."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"boolean"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"confidence"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"}}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.code,{children:"number"})," (",(0,i.jsx)(t.em,{children:"int, \u22651, \u226499"}),")"]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"lang"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"Identifies the language of the text content in this 
object."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"string"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"external_references"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"A list of external references which refers to non-STIX information."}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.em,{children:"Array of at least 1 objects:"}),(0,i.jsx)("br",{}),(0,i.jsxs)("ul",{children:[(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"source_name"}),": ",(0,i.jsx)(t.code,{children:"string"})]}),(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"description"}),": ",(0,i.jsx)(t.code,{children:"string"})]}),(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"url"}),": ",(0,i.jsx)(t.code,{children:"string"})," (",(0,i.jsx)(t.em,{children:"url"}),")"]}),(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"external_id"}),": ",(0,i.jsx)(t.code,{children:"string"})]})]})]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"object_marking_refs"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The list of marking-definition objects to be applied to this object."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"Array"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"granular_markings"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The set of granular markings that apply to this object."}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.em,{children:"Array of objects:"}),(0,i.jsx)("br",{}),(0,i.jsxs)("ul",{children:[(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"marking_ref"}),": ",(0,i.jsx)(t.code,{children:"any"})," - Represents identifiers across the CTI specifications. 
The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4."]}),(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"selectors"}),": ",(0,i.jsx)(t.code,{children:"Array"})]})]})]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"extensions"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"Specifies any extensions of the object, as a dictionary."}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,i.jsx)(t.code,{children:"string"})," ",(0,i.jsx)(t.em,{children:"and values of type"})," ",(0,i.jsx)(t.em,{children:"Object with properties:"}),(0,i.jsxs)("ul",{children:[(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"extension_type"}),": ",(0,i.jsx)(t.code,{children:"string"})]}),(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"extension_properties"}),": ",(0,i.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,i.jsx)(t.code,{children:"string"})," ",(0,i.jsx)(t.em,{children:"and values of type"})," ",(0,i.jsx)(t.code,{children:"unknown"})," (",(0,i.jsx)(t.em,{children:"optional & nullable"}),")"]})]})," ",(0,i.jsx)(t.em,{children:"or"})," ",(0,i.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,i.jsx)(t.code,{children:"string"})," ",(0,i.jsx)(t.em,{children:"and values of type"})," ",(0,i.jsx)(t.code,{children:"unknown"})," (",(0,i.jsx)(t.em,{children:"optional & nullable"}),")"]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"relationship_type"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The name used to identify the type of 
Relationship."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.a,{href:"#relationshiptype",children:"RelationshipType"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"description"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"A description of the object."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"string"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"source_ref"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The ID of the source (from) object."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"target_ref"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The ID of the target (to) object."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"x_mitre_modified_by_ref"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"x_mitre_attack_spec_version"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the ATT&CK spec used by the object. 
This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"string"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"x_mitre_domains"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The technology domains to which the ATT&CK object belongs."}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.code,{children:"Array<'enterprise-attack' | 'mobile-attack' | 'ics-attack'>"})," (",(0,i.jsx)(t.em,{children:"min: 1"}),")"]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"x_mitre_version"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. 
This property does not apply to relationship objects."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"x_mitre_deprecated"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"Indicates whether the object has been deprecated."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"boolean"})})]})]})]}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsx)(t.em,{children:"(*) Required."})}),"\n",(0,i.jsx)(t.h2,{id:"relationshiptype",children:"RelationshipType"}),"\n",(0,i.jsx)(t.p,{children:"The name used to identify the type of Relationship."}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsx)(t.em,{children:"Enum string, one of the following possible values:"})}),"\n",(0,i.jsxs)(t.ul,{children:["\n",(0,i.jsx)(t.li,{children:(0,i.jsx)(t.code,{children:"'uses'"})}),"\n",(0,i.jsx)(t.li,{children:(0,i.jsx)(t.code,{children:"'mitigates'"})}),"\n",(0,i.jsx)(t.li,{children:(0,i.jsx)(t.code,{children:"'subtechnique-of'"})}),"\n",(0,i.jsx)(t.li,{children:(0,i.jsx)(t.code,{children:"'detects'"})}),"\n",(0,i.jsx)(t.li,{children:(0,i.jsx)(t.code,{children:"'attributed-to'"})}),"\n",(0,i.jsx)(t.li,{children:(0,i.jsx)(t.code,{children:"'targets'"})}),"\n",(0,i.jsx)(t.li,{children:(0,i.jsx)(t.code,{children:"'revoked-by'"})}),"\n"]})]})}function x(e={}){const{wrapper:t}={...(0,n.R)(),...e.components};return t?(0,i.jsx)(t,{...e,children:(0,i.jsx)(o,{...e})}):o(e)}},8453:(e,t,s)=>{s.d(t,{R:()=>r,x:()=>d});var i=s(6540);const n={},l=i.createContext(n);function r(e){const t=i.useContext(l);return i.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function d(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(n):e.components||n:r(e.components),i.createElement(l.Provider,{value:t},e.children)}}}]); \ No newline at end of file 
diff --git a/assets/js/ce55f748.6a252396.js b/assets/js/ce55f748.6a252396.js deleted file mode 100644 index 389f301..0000000 --- a/assets/js/ce55f748.6a252396.js +++ /dev/null @@ -1 +0,0 @@ -"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[456],{527:(e,t,o)=>{o.r(t),o.d(t,{assets:()=>i,contentTitle:()=>s,default:()=>m,frontMatter:()=>a,metadata:()=>r,toc:()=>d});var n=o(4848),c=o(8453);const a={},s="Collection Schema",r={id:"sdo/collection.schema",title:"Collection Schema",description:"",source:"@site/docs/sdo/collection.schema.md",sourceDirName:"sdo",slug:"/sdo/collection.schema",permalink:"/attack-data-model/docs/sdo/collection.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Campaign Schema",permalink:"/attack-data-model/docs/sdo/campaign.schema"},next:{title:"Data component Schema",permalink:"/attack-data-model/docs/sdo/data-component.schema"}},i={},d=[];function l(e){const t={h1:"h1",header:"header",...(0,c.R)(),...e.components};return(0,n.jsx)(t.header,{children:(0,n.jsx)(t.h1,{id:"collection-schema",children:"Collection Schema"})})}function m(e={}){const{wrapper:t}={...(0,c.R)(),...e.components};return t?(0,n.jsx)(t,{...e,children:(0,n.jsx)(l,{...e})}):l(e)}},8453:(e,t,o)=>{o.d(t,{R:()=>s,x:()=>r});var n=o(6540);const c={},a=n.createContext(c);function s(e){const t=n.useContext(a);return n.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function r(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(c):e.components||c:s(e.components),n.createElement(a.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/ce55f748.d95da42b.js b/assets/js/ce55f748.d95da42b.js new file mode 100644 index 0000000..cfe33f2 --- /dev/null +++ b/assets/js/ce55f748.d95da42b.js 
@@ -0,0 +1 @@ +"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[456],{527:(e,t,s)=>{s.r(t),s.d(t,{assets:()=>c,contentTitle:()=>r,default:()=>x,frontMatter:()=>i,metadata:()=>d,toc:()=>o});var n=s(4848),l=s(8453);const i={},r="Collection Schema",d={id:"sdo/collection.schema",title:"Collection Schema",description:"Collection",source:"@site/docs/sdo/collection.schema.md",sourceDirName:"sdo",slug:"/sdo/collection.schema",permalink:"/attack-data-model/docs/sdo/collection.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Campaign Schema",permalink:"/attack-data-model/docs/sdo/campaign.schema"},next:{title:"Data component Schema",permalink:"/attack-data-model/docs/sdo/data-component.schema"}},c={},o=[{value:"Collection",id:"collection",level:2},{value:"ObjectVersionReference",id:"objectversionreference",level:2},{value:"XMitreContents",id:"xmitrecontents",level:2}];function h(e){const t={a:"a",code:"code",em:"em",h1:"h1",h2:"h2",header:"header",p:"p",strong:"strong",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",...(0,l.R)(),...e.components};return(0,n.jsxs)(n.Fragment,{children:[(0,n.jsx)(t.header,{children:(0,n.jsx)(t.h1,{id:"collection-schema",children:"Collection Schema"})}),"\n",(0,n.jsx)(t.h2,{id:"collection",children:"Collection"}),"\n",(0,n.jsx)(t.p,{children:(0,n.jsx)(t.em,{children:"Object containing the following properties:"})}),"\n",(0,n.jsxs)(t.table,{children:[(0,n.jsx)(t.thead,{children:(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.th,{style:{textAlign:"left"},children:"Property"}),(0,n.jsx)(t.th,{style:{textAlign:"left"},children:"Description"}),(0,n.jsx)(t.th,{style:{textAlign:"left"},children:"Type"})]})}),(0,n.jsxs)(t.tbody,{children:[(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"id"})})," 
(*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"}}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"any"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"type"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"}}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"'x-mitre-collection'"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"spec_version"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the STIX specification used to represent this object."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"'2.0' | '2.1'"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"created"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"any"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"modified"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The modified property represents the time that this particular version of the object was modified. 
The timstamp value MUST be precise to the nearest millisecond."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"any"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"created_by_ref"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"any"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"labels"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The labels property specifies a set of terms used to describe this object."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"Array"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"revoked"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The revoked property indicates whether the object has been revoked."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"boolean"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"confidence"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"}}),(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.code,{children:"number"})," (",(0,n.jsx)(t.em,{children:"int, \u22651, \u226499"}),")"]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"lang"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"Identifies the language of the text content in this 
object."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"string"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"external_references"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"A list of external references which refers to non-STIX information."}),(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.em,{children:"Array of at least 1 objects:"}),(0,n.jsx)("br",{}),(0,n.jsxs)("ul",{children:[(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"source_name"}),": ",(0,n.jsx)(t.code,{children:"string"})]}),(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"description"}),": ",(0,n.jsx)(t.code,{children:"string"})]}),(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"url"}),": ",(0,n.jsx)(t.code,{children:"string"})," (",(0,n.jsx)(t.em,{children:"url"}),")"]}),(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"external_id"}),": ",(0,n.jsx)(t.code,{children:"string"})]})]})]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"object_marking_refs"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The list of marking-definition objects to be applied to this object."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"Array"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"granular_markings"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The set of granular markings that apply to this object."}),(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.em,{children:"Array of objects:"}),(0,n.jsx)("br",{}),(0,n.jsxs)("ul",{children:[(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"marking_ref"}),": ",(0,n.jsx)(t.code,{children:"any"})," - Represents identifiers across the CTI specifications. 
The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4."]}),(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"selectors"}),": ",(0,n.jsx)(t.code,{children:"Array"})]})]})]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"extensions"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"Specifies any extensions of the object, as a dictionary."}),(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,n.jsx)(t.code,{children:"string"})," ",(0,n.jsx)(t.em,{children:"and values of type"})," ",(0,n.jsx)(t.em,{children:"Object with properties:"}),(0,n.jsxs)("ul",{children:[(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"extension_type"}),": ",(0,n.jsx)(t.code,{children:"string"})]}),(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"extension_properties"}),": ",(0,n.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,n.jsx)(t.code,{children:"string"})," ",(0,n.jsx)(t.em,{children:"and values of type"})," ",(0,n.jsx)(t.code,{children:"unknown"})," (",(0,n.jsx)(t.em,{children:"optional & nullable"}),")"]})]})," ",(0,n.jsx)(t.em,{children:"or"})," ",(0,n.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,n.jsx)(t.code,{children:"string"})," ",(0,n.jsx)(t.em,{children:"and values of type"})," ",(0,n.jsx)(t.code,{children:"unknown"})," (",(0,n.jsx)(t.em,{children:"optional & nullable"}),")"]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"name"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The name of the object."}),(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.code,{children:"string"})," (",(0,n.jsx)(t.em,{children:"min length: 
1"}),")"]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"x_mitre_attack_spec_version"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"string"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"x_mitre_version"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. 
This property does not apply to relationship objects."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"any"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"x_mitre_old_attack_id"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"Old ATT&CK IDs that may have been associated with this object"}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"string"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"x_mitre_deprecated"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"Indicates whether the object has been deprecated."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"boolean"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"description"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"Details, context, and explanation about the purpose or contents of the collection."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"string"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"x_mitre_contents"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"Specifies the objects contained within the collection."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.a,{href:"#xmitrecontents",children:"XMitreContents"})})]})]})]}),"\n",(0,n.jsx)(t.p,{children:(0,n.jsx)(t.em,{children:"(*) Required."})}),"\n",(0,n.jsx)(t.h2,{id:"objectversionreference",children:"ObjectVersionReference"}),"\n",(0,n.jsx)(t.p,{children:(0,n.jsx)(t.em,{children:"Object containing the following 
properties:"})}),"\n",(0,n.jsxs)(t.table,{children:[(0,n.jsx)(t.thead,{children:(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.th,{style:{textAlign:"left"},children:"Property"}),(0,n.jsx)(t.th,{style:{textAlign:"left"},children:"Description"}),(0,n.jsx)(t.th,{style:{textAlign:"left"},children:"Type"})]})}),(0,n.jsxs)(t.tbody,{children:[(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"object_ref"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The ID of the referenced object."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"any"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"object_modified"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The modified time of the referenced object. It MUST be an exact match for the modified time of the STIX object being referenced."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"any"})})]})]})]}),"\n",(0,n.jsx)(t.p,{children:(0,n.jsx)(t.em,{children:"(*) Required."})}),"\n",(0,n.jsx)(t.h2,{id:"xmitrecontents",children:"XMitreContents"}),"\n",(0,n.jsx)(t.p,{children:"Specifies the objects contained within the collection."}),"\n",(0,n.jsx)(t.p,{children:(0,n.jsxs)(t.em,{children:["Array of at least 1 ",(0,n.jsx)(t.a,{href:"#objectversionreference",children:"ObjectVersionReference"})," items."]})})]})}function x(e={}){const{wrapper:t}={...(0,l.R)(),...e.components};return t?(0,n.jsx)(t,{...e,children:(0,n.jsx)(h,{...e})}):h(e)}},8453:(e,t,s)=>{s.d(t,{R:()=>r,x:()=>d});var n=s(6540);const l={},i=n.createContext(l);function r(e){const t=n.useContext(i);return n.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function d(e){let t;return t=e.disableParentContext?"function"==typeof 
e.components?e.components(l):e.components||l:r(e.components),n.createElement(i.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/d0a75e10.65851f80.js b/assets/js/d0a75e10.65851f80.js new file mode 100644 index 0000000..de75b24 --- /dev/null +++ b/assets/js/d0a75e10.65851f80.js 
@@ -0,0 +1 @@ +"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[274],{3781:(e,t,n)=>{n.r(t),n.d(t,{assets:()=>c,contentTitle:()=>r,default:()=>x,frontMatter:()=>l,metadata:()=>d,toc:()=>o});var s=n(4848),i=n(8453);const l={},r="Campaign Schema",d={id:"sdo/campaign.schema",title:"Campaign Schema",description:"Campaign",source:"@site/docs/sdo/campaign.schema.md",sourceDirName:"sdo",slug:"/sdo/campaign.schema",permalink:"/attack-data-model/docs/sdo/campaign.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Asset Schema",permalink:"/attack-data-model/docs/sdo/asset.schema"},next:{title:"Collection Schema",permalink:"/attack-data-model/docs/sdo/collection.schema"}},c={},o=[{value:"Campaign",id:"campaign",level:2},{value:"XMitreFirstSeenCitation",id:"xmitrefirstseencitation",level:2},{value:"XMitreLastSeenCitation",id:"xmitrelastseencitation",level:2}];function h(e){const t={a:"a",code:"code",em:"em",h1:"h1",h2:"h2",header:"header",p:"p",strong:"strong",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",...(0,i.R)(),...e.components};return(0,s.jsxs)(s.Fragment,{children:[(0,s.jsx)(t.header,{children:(0,s.jsx)(t.h1,{id:"campaign-schema",children:"Campaign Schema"})}),"\n",(0,s.jsx)(t.h2,{id:"campaign",children:"Campaign"}),"\n",(0,s.jsx)(t.p,{children:(0,s.jsx)(t.em,{children:"Object containing the following properties:"})}),"\n",(0,s.jsxs)(t.table,{children:[(0,s.jsx)(t.thead,{children:(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.th,{style:{textAlign:"left"},children:"Property"}),(0,s.jsx)(t.th,{style:{textAlign:"left"},children:"Description"}),(0,s.jsx)(t.th,{style:{textAlign:"left"},children:"Type"})]})}),(0,s.jsxs)(t.tbody,{children:[(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"id"})})," 
(*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"}}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"any"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"type"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"}}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"'campaign'"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"spec_version"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the STIX specification used to represent this object."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"'2.0' | '2.1'"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"created"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"any"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"modified"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The modified property represents the time that this particular version of the object was modified. 
The timstamp value MUST be precise to the nearest millisecond."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"any"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"created_by_ref"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"any"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"labels"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The labels property specifies a set of terms used to describe this object."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"Array"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"revoked"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The revoked property indicates whether the object has been revoked."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"boolean"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"confidence"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"}}),(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.code,{children:"number"})," (",(0,s.jsx)(t.em,{children:"int, \u22651, \u226499"}),")"]})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"lang"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"Identifies the language of the text content in this 
object."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"string"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"external_references"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"A list of external references which refers to non-STIX information."}),(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.em,{children:"Array of at least 1 objects:"}),(0,s.jsx)("br",{}),(0,s.jsxs)("ul",{children:[(0,s.jsxs)("li",{children:[(0,s.jsx)(t.code,{children:"source_name"}),": ",(0,s.jsx)(t.code,{children:"string"})]}),(0,s.jsxs)("li",{children:[(0,s.jsx)(t.code,{children:"description"}),": ",(0,s.jsx)(t.code,{children:"string"})]}),(0,s.jsxs)("li",{children:[(0,s.jsx)(t.code,{children:"url"}),": ",(0,s.jsx)(t.code,{children:"string"})," (",(0,s.jsx)(t.em,{children:"url"}),")"]}),(0,s.jsxs)("li",{children:[(0,s.jsx)(t.code,{children:"external_id"}),": ",(0,s.jsx)(t.code,{children:"string"})]})]})]})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"object_marking_refs"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The list of marking-definition objects to be applied to this object."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"Array"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"granular_markings"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The set of granular markings that apply to this object."}),(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.em,{children:"Array of objects:"}),(0,s.jsx)("br",{}),(0,s.jsxs)("ul",{children:[(0,s.jsxs)("li",{children:[(0,s.jsx)(t.code,{children:"marking_ref"}),": ",(0,s.jsx)(t.code,{children:"any"})," - Represents identifiers across the CTI specifications. 
The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4."]}),(0,s.jsxs)("li",{children:[(0,s.jsx)(t.code,{children:"selectors"}),": ",(0,s.jsx)(t.code,{children:"Array"})]})]})]})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"extensions"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"Specifies any extensions of the object, as a dictionary."}),(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,s.jsx)(t.code,{children:"string"})," ",(0,s.jsx)(t.em,{children:"and values of type"})," ",(0,s.jsx)(t.em,{children:"Object with properties:"}),(0,s.jsxs)("ul",{children:[(0,s.jsxs)("li",{children:[(0,s.jsx)(t.code,{children:"extension_type"}),": ",(0,s.jsx)(t.code,{children:"string"})]}),(0,s.jsxs)("li",{children:[(0,s.jsx)(t.code,{children:"extension_properties"}),": ",(0,s.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,s.jsx)(t.code,{children:"string"})," ",(0,s.jsx)(t.em,{children:"and values of type"})," ",(0,s.jsx)(t.code,{children:"unknown"})," (",(0,s.jsx)(t.em,{children:"optional & nullable"}),")"]})]})," ",(0,s.jsx)(t.em,{children:"or"})," ",(0,s.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,s.jsx)(t.code,{children:"string"})," ",(0,s.jsx)(t.em,{children:"and values of type"})," ",(0,s.jsx)(t.code,{children:"unknown"})," (",(0,s.jsx)(t.em,{children:"optional & nullable"}),")"]})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"name"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The name of the object."}),(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.code,{children:"string"})," (",(0,s.jsx)(t.em,{children:"min length: 
1"}),")"]})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"x_mitre_attack_spec_version"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"string"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"x_mitre_version"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. 
This property does not apply to relationship objects."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"any"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"x_mitre_old_attack_id"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"Old ATT&CK IDs that may have been associated with this object"}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"string"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"x_mitre_deprecated"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"Indicates whether the object has been deprecated."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"boolean"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"description"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"A description of the object."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"string"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"x_mitre_domains"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The technology domains to which the ATT&CK object belongs."}),(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.code,{children:"Array<'enterprise-attack' | 'mobile-attack' | 'ics-attack'>"})," (",(0,s.jsx)(t.em,{children:"min: 1"}),")"]})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"x_mitre_modified_by_ref"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The STIX ID of the MITRE identity object. 
Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"any"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"x_mitre_contributors"})}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"People and organizations who have contributed to the object. Not found on relationship objects."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"Array"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"aliases"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"Alternative names used to identify this campaign. The first alias must match the object's name."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"Array"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"first_seen"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The time that this Campaign was first seen."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"any"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"last_seen"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"The time that this Campaign was last seen."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.code,{children:"any"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"x_mitre_first_seen_citation"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"One or 
more citations for when the object was first seen, in the form '(Citation: [citation name])(Citation: [citation name])...', where each [citation name] can be found as one of the source_name values in the external_references."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.a,{href:"#xmitrefirstseencitation",children:"XMitreFirstSeenCitation"})})]}),(0,s.jsxs)(t.tr,{children:[(0,s.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,s.jsx)(t.strong,{children:(0,s.jsx)(t.code,{children:"x_mitre_last_seen_citation"})})," (*)"]}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:"One or more citations for when the object was last seen, in the form '(Citation: [citation name])(Citation: [citation name])...', where each [citation name] can be found as one of the source_name values in the external_references."}),(0,s.jsx)(t.td,{style:{textAlign:"left"},children:(0,s.jsx)(t.a,{href:"#xmitrelastseencitation",children:"XMitreLastSeenCitation"})})]})]})]}),"\n",(0,s.jsx)(t.p,{children:(0,s.jsx)(t.em,{children:"(*) Required."})}),"\n",(0,s.jsx)(t.h2,{id:"xmitrefirstseencitation",children:"XMitreFirstSeenCitation"}),"\n",(0,s.jsx)(t.p,{children:"One or more citations for when the object was first seen, in the form '(Citation: [citation name])(Citation: [citation name])...', where each [citation name] can be found as one of the source_name values in the external_references."}),"\n",(0,s.jsx)(t.p,{children:(0,s.jsx)(t.em,{children:"Any type."})}),"\n",(0,s.jsx)(t.h2,{id:"xmitrelastseencitation",children:"XMitreLastSeenCitation"}),"\n",(0,s.jsx)(t.p,{children:"One or more citations for when the object was last seen, in the form '(Citation: [citation name])(Citation: [citation name])...', where each [citation name] can be found as one of the source_name values in the external_references."}),"\n",(0,s.jsx)(t.p,{children:(0,s.jsx)(t.em,{children:"Any type."})})]})}function x(e={}){const{wrapper:t}={...(0,i.R)(),...e.components};return 
t?(0,s.jsx)(t,{...e,children:(0,s.jsx)(h,{...e})}):h(e)}},8453:(e,t,n)=>{n.d(t,{R:()=>r,x:()=>d});var s=n(6540);const i={},l=s.createContext(i);function r(e){const t=s.useContext(l);return s.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function d(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(i):e.components||i:r(e.components),s.createElement(l.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/d0a75e10.f5524e2e.js b/assets/js/d0a75e10.f5524e2e.js deleted file mode 100644 index b42c5ab..0000000 --- a/assets/js/d0a75e10.f5524e2e.js +++ /dev/null 
@@ -1 +0,0 @@ -"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[274],{3781:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>i,contentTitle:()=>o,default:()=>u,frontMatter:()=>s,metadata:()=>r,toc:()=>d});var n=a(4848),c=a(8453);const s={},o="Campaign Schema",r={id:"sdo/campaign.schema",title:"Campaign Schema",description:"",source:"@site/docs/sdo/campaign.schema.md",sourceDirName:"sdo",slug:"/sdo/campaign.schema",permalink:"/attack-data-model/docs/sdo/campaign.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Asset Schema",permalink:"/attack-data-model/docs/sdo/asset.schema"},next:{title:"Collection Schema",permalink:"/attack-data-model/docs/sdo/collection.schema"}},i={},d=[];function m(e){const t={h1:"h1",header:"header",...(0,c.R)(),...e.components};return(0,n.jsx)(t.header,{children:(0,n.jsx)(t.h1,{id:"campaign-schema",children:"Campaign Schema"})})}function u(e={}){const{wrapper:t}={...(0,c.R)(),...e.components};return t?(0,n.jsx)(t,{...e,children:(0,n.jsx)(m,{...e})}):m(e)}},8453:(e,t,a)=>{a.d(t,{R:()=>o,x:()=>r});var n=a(6540);const c={},s=n.createContext(c);function o(e){const t=n.useContext(s);return n.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function r(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(c):e.components||c:o(e.components),n.createElement(s.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/d4341706.00b9ceba.js b/assets/js/d4341706.00b9ceba.js deleted file mode 100644 index 5bcd700..0000000 --- a/assets/js/d4341706.00b9ceba.js +++ /dev/null 
@@ -1 +0,0 @@ -"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[856],{8147:(e,t,a)=>{a.r(t),a.d(t,{assets:()=>d,contentTitle:()=>n,default:()=>m,frontMatter:()=>c,metadata:()=>r,toc:()=>u});var o=a(4848),s=a(8453);const c={},n="Data source Schema",r={id:"sdo/data-source.schema",title:"Data source Schema",description:"",source:"@site/docs/sdo/data-source.schema.md",sourceDirName:"sdo",slug:"/sdo/data-source.schema",permalink:"/attack-data-model/docs/sdo/data-source.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Data component Schema",permalink:"/attack-data-model/docs/sdo/data-component.schema"},next:{title:"Group Schema",permalink:"/attack-data-model/docs/sdo/group.schema"}},d={},u=[];function i(e){const t={h1:"h1",header:"header",...(0,s.R)(),...e.components};return(0,o.jsx)(t.header,{children:(0,o.jsx)(t.h1,{id:"data-source-schema",children:"Data source Schema"})})}function m(e={}){const{wrapper:t}={...(0,s.R)(),...e.components};return t?(0,o.jsx)(t,{...e,children:(0,o.jsx)(i,{...e})}):i(e)}},8453:(e,t,a)=>{a.d(t,{R:()=>n,x:()=>r});var o=a(6540);const s={},c=o.createContext(s);function n(e){const t=o.useContext(c);return o.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function r(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(s):e.components||s:n(e.components),o.createElement(c.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/d4341706.4c328ecd.js b/assets/js/d4341706.4c328ecd.js new file mode 100644 index 0000000..fe2d4b6 --- /dev/null +++ b/assets/js/d4341706.4c328ecd.js 
@@ -0,0 +1 @@ +"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[856],{8147:(e,t,s)=>{s.r(t),s.d(t,{assets:()=>c,contentTitle:()=>r,default:()=>x,frontMatter:()=>i,metadata:()=>d,toc:()=>o});var n=s(4848),l=s(8453);const i={},r="Data source Schema",d={id:"sdo/data-source.schema",title:"Data source Schema",description:"DataSource",source:"@site/docs/sdo/data-source.schema.md",sourceDirName:"sdo",slug:"/sdo/data-source.schema",permalink:"/attack-data-model/docs/sdo/data-source.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Data component Schema",permalink:"/attack-data-model/docs/sdo/data-component.schema"},next:{title:"Group Schema",permalink:"/attack-data-model/docs/sdo/group.schema"}},c={},o=[{value:"DataSource",id:"datasource",level:2},{value:"XMitreCollectionLayers",id:"xmitrecollectionlayers",level:2}];function h(e){const t={a:"a",code:"code",em:"em",h1:"h1",h2:"h2",header:"header",p:"p",strong:"strong",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",...(0,l.R)(),...e.components};return(0,n.jsxs)(n.Fragment,{children:[(0,n.jsx)(t.header,{children:(0,n.jsx)(t.h1,{id:"data-source-schema",children:"Data source Schema"})}),"\n",(0,n.jsx)(t.h2,{id:"datasource",children:"DataSource"}),"\n",(0,n.jsx)(t.p,{children:(0,n.jsx)(t.em,{children:"Object containing the following properties:"})}),"\n",(0,n.jsxs)(t.table,{children:[(0,n.jsx)(t.thead,{children:(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.th,{style:{textAlign:"left"},children:"Property"}),(0,n.jsx)(t.th,{style:{textAlign:"left"},children:"Description"}),(0,n.jsx)(t.th,{style:{textAlign:"left"},children:"Type"})]})}),(0,n.jsxs)(t.tbody,{children:[(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"id"})})," 
(*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"}}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"any"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"type"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"}}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"'x-mitre-data-source'"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"spec_version"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the STIX specification used to represent this object."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"'2.0' | '2.1'"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"created"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"any"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"modified"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The modified property represents the time that this particular version of the object was modified. 
The timstamp value MUST be precise to the nearest millisecond."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"any"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"created_by_ref"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"any"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"labels"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The labels property specifies a set of terms used to describe this object."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"Array"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"revoked"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The revoked property indicates whether the object has been revoked."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"boolean"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"confidence"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"}}),(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.code,{children:"number"})," (",(0,n.jsx)(t.em,{children:"int, \u22651, \u226499"}),")"]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"lang"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"Identifies the language of the text content in this 
object."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"string"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"external_references"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"A list of external references which refers to non-STIX information."}),(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.em,{children:"Array of at least 1 objects:"}),(0,n.jsx)("br",{}),(0,n.jsxs)("ul",{children:[(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"source_name"}),": ",(0,n.jsx)(t.code,{children:"string"})]}),(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"description"}),": ",(0,n.jsx)(t.code,{children:"string"})]}),(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"url"}),": ",(0,n.jsx)(t.code,{children:"string"})," (",(0,n.jsx)(t.em,{children:"url"}),")"]}),(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"external_id"}),": ",(0,n.jsx)(t.code,{children:"string"})]})]})]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"object_marking_refs"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The list of marking-definition objects to be applied to this object."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"Array"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"granular_markings"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The set of granular markings that apply to this object."}),(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.em,{children:"Array of objects:"}),(0,n.jsx)("br",{}),(0,n.jsxs)("ul",{children:[(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"marking_ref"}),": ",(0,n.jsx)(t.code,{children:"any"})," - Represents identifiers across the CTI specifications. 
The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4."]}),(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"selectors"}),": ",(0,n.jsx)(t.code,{children:"Array"})]})]})]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"extensions"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"Specifies any extensions of the object, as a dictionary."}),(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,n.jsx)(t.code,{children:"string"})," ",(0,n.jsx)(t.em,{children:"and values of type"})," ",(0,n.jsx)(t.em,{children:"Object with properties:"}),(0,n.jsxs)("ul",{children:[(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"extension_type"}),": ",(0,n.jsx)(t.code,{children:"string"})]}),(0,n.jsxs)("li",{children:[(0,n.jsx)(t.code,{children:"extension_properties"}),": ",(0,n.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,n.jsx)(t.code,{children:"string"})," ",(0,n.jsx)(t.em,{children:"and values of type"})," ",(0,n.jsx)(t.code,{children:"unknown"})," (",(0,n.jsx)(t.em,{children:"optional & nullable"}),")"]})]})," ",(0,n.jsx)(t.em,{children:"or"})," ",(0,n.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,n.jsx)(t.code,{children:"string"})," ",(0,n.jsx)(t.em,{children:"and values of type"})," ",(0,n.jsx)(t.code,{children:"unknown"})," (",(0,n.jsx)(t.em,{children:"optional & nullable"}),")"]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"name"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The name of the object."}),(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.code,{children:"string"})," (",(0,n.jsx)(t.em,{children:"min length: 
1"}),")"]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"x_mitre_attack_spec_version"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"string"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"x_mitre_version"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. 
This property does not apply to relationship objects."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"any"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"x_mitre_old_attack_id"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"Old ATT&CK IDs that may have been associated with this object"}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"string"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"x_mitre_deprecated"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"Indicates whether the object has been deprecated."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"boolean"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"description"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"A description of the object."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"string"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"x_mitre_platforms"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"List of platforms that apply to the object."}),(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.code,{children:"Array<'Field Controller/RTU/PLC/IED' | 'Network' | 'Data Historian' | 'Google Workspace' | 'Office 365' | 'Containers' | 'Azure AD' | 'Engineering Workstation' | 'Control Server' | 'Human-Machine Interface' | 'Windows' | 'Linux' | 'IaaS' | 'None' | 'iOS' | 'PRE' | 'SaaS' | 'Input/Output Server' | 'macOS' | 'Android' | ...>"})," (",(0,n.jsx)(t.em,{children:"min: 1"}),")"]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"x_mitre_domains"})})," 
(*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The technology domains to which the ATT&CK object belongs."}),(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.code,{children:"Array<'enterprise-attack' | 'mobile-attack' | 'ics-attack'>"})," (",(0,n.jsx)(t.em,{children:"min: 1"}),")"]})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"x_mitre_modified_by_ref"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"any"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"x_mitre_contributors"})}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"People and organizations who have contributed to the object. 
Not found on relationship objects."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.code,{children:"Array"})})]}),(0,n.jsxs)(t.tr,{children:[(0,n.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,n.jsx)(t.strong,{children:(0,n.jsx)(t.code,{children:"x_mitre_collection_layers"})})," (*)"]}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:"List of places the data can be collected from."}),(0,n.jsx)(t.td,{style:{textAlign:"left"},children:(0,n.jsx)(t.a,{href:"#xmitrecollectionlayers",children:"XMitreCollectionLayers"})})]})]})]}),"\n",(0,n.jsx)(t.p,{children:(0,n.jsx)(t.em,{children:"(*) Required."})}),"\n",(0,n.jsx)(t.h2,{id:"xmitrecollectionlayers",children:"XMitreCollectionLayers"}),"\n",(0,n.jsx)(t.p,{children:"List of places the data can be collected from."}),"\n",(0,n.jsx)(t.p,{children:(0,n.jsxs)(t.em,{children:["Array of ",(0,n.jsx)(t.code,{children:"'Cloud Control Plane' | 'Host' | 'Report' | 'Container' | 'Device' | 'OSINT' | 'Network'"})," items."]})})]})}function x(e={}){const{wrapper:t}={...(0,l.R)(),...e.components};return t?(0,n.jsx)(t,{...e,children:(0,n.jsx)(h,{...e})}):h(e)}},8453:(e,t,s)=>{s.d(t,{R:()=>r,x:()=>d});var n=s(6540);const l={},i=n.createContext(l);function r(e){const t=n.useContext(i);return n.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function d(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(l):e.components||l:r(e.components),n.createElement(i.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/f18df1a9.083c4efb.js b/assets/js/f18df1a9.083c4efb.js new file mode 100644 index 0000000..b3aa71c --- /dev/null +++ b/assets/js/f18df1a9.083c4efb.js 
@@ -0,0 +1 @@ +"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[461],{8538:(e,t,s)=>{s.r(t),s.d(t,{assets:()=>c,contentTitle:()=>r,default:()=>x,frontMatter:()=>l,metadata:()=>d,toc:()=>o});var i=s(4848),n=s(8453);const l={},r="Mitigation Schema",d={id:"sdo/mitigation.schema",title:"Mitigation Schema",description:"Mitigation",source:"@site/docs/sdo/mitigation.schema.md",sourceDirName:"sdo",slug:"/sdo/mitigation.schema",permalink:"/attack-data-model/docs/sdo/mitigation.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Matrix Schema",permalink:"/attack-data-model/docs/sdo/matrix.schema"},next:{title:"Software Schema",permalink:"/attack-data-model/docs/sdo/software.schema"}},c={},o=[{value:"Mitigation",id:"mitigation",level:2}];function h(e){const t={code:"code",em:"em",h1:"h1",h2:"h2",header:"header",p:"p",strong:"strong",table:"table",tbody:"tbody",td:"td",th:"th",thead:"thead",tr:"tr",...(0,n.R)(),...e.components};return(0,i.jsxs)(i.Fragment,{children:[(0,i.jsx)(t.header,{children:(0,i.jsx)(t.h1,{id:"mitigation-schema",children:"Mitigation Schema"})}),"\n",(0,i.jsx)(t.h2,{id:"mitigation",children:"Mitigation"}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsx)(t.em,{children:"Object containing the following properties:"})}),"\n",(0,i.jsxs)(t.table,{children:[(0,i.jsx)(t.thead,{children:(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Property"}),(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Description"}),(0,i.jsx)(t.th,{style:{textAlign:"left"},children:"Type"})]})}),(0,i.jsxs)(t.tbody,{children:[(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"id"})})," 
(*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"}}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"type"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"}}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'course-of-action'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"spec_version"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the STIX specification used to represent this object."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"'2.0' | '2.1'"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"created"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"modified"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The modified property represents the time that this particular version of the object was modified. 
The timstamp value MUST be precise to the nearest millisecond."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"created_by_ref"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"labels"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The labels property specifies a set of terms used to describe this object."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"Array"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"revoked"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The revoked property indicates whether the object has been revoked."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"boolean"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"confidence"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"}}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.code,{children:"number"})," (",(0,i.jsx)(t.em,{children:"int, \u22651, \u226499"}),")"]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"lang"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"Identifies the language of the text content in this 
object."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"string"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"external_references"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"A list of external references which refers to non-STIX information."}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.em,{children:"Array of at least 1 objects:"}),(0,i.jsx)("br",{}),(0,i.jsxs)("ul",{children:[(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"source_name"}),": ",(0,i.jsx)(t.code,{children:"string"})]}),(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"description"}),": ",(0,i.jsx)(t.code,{children:"string"})]}),(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"url"}),": ",(0,i.jsx)(t.code,{children:"string"})," (",(0,i.jsx)(t.em,{children:"url"}),")"]}),(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"external_id"}),": ",(0,i.jsx)(t.code,{children:"string"})]})]})]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"object_marking_refs"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The list of marking-definition objects to be applied to this object."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"Array"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"granular_markings"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The set of granular markings that apply to this object."}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.em,{children:"Array of objects:"}),(0,i.jsx)("br",{}),(0,i.jsxs)("ul",{children:[(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"marking_ref"}),": ",(0,i.jsx)(t.code,{children:"any"})," - Represents identifiers across the CTI specifications. 
The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4."]}),(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"selectors"}),": ",(0,i.jsx)(t.code,{children:"Array"})]})]})]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"extensions"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"Specifies any extensions of the object, as a dictionary."}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,i.jsx)(t.code,{children:"string"})," ",(0,i.jsx)(t.em,{children:"and values of type"})," ",(0,i.jsx)(t.em,{children:"Object with properties:"}),(0,i.jsxs)("ul",{children:[(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"extension_type"}),": ",(0,i.jsx)(t.code,{children:"string"})]}),(0,i.jsxs)("li",{children:[(0,i.jsx)(t.code,{children:"extension_properties"}),": ",(0,i.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,i.jsx)(t.code,{children:"string"})," ",(0,i.jsx)(t.em,{children:"and values of type"})," ",(0,i.jsx)(t.code,{children:"unknown"})," (",(0,i.jsx)(t.em,{children:"optional & nullable"}),")"]})]})," ",(0,i.jsx)(t.em,{children:"or"})," ",(0,i.jsx)(t.em,{children:"Object with dynamic keys of type"})," ",(0,i.jsx)(t.code,{children:"string"})," ",(0,i.jsx)(t.em,{children:"and values of type"})," ",(0,i.jsx)(t.code,{children:"unknown"})," (",(0,i.jsx)(t.em,{children:"optional & nullable"}),")"]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"name"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The name of the object."}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.code,{children:"string"})," (",(0,i.jsx)(t.em,{children:"min length: 
1"}),")"]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"x_mitre_attack_spec_version"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"string"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"x_mitre_version"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. 
This property does not apply to relationship objects."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"x_mitre_old_attack_id"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"Old ATT&CK IDs that may have been associated with this object"}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"string"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"x_mitre_deprecated"})}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"Indicates whether the object has been deprecated."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"boolean"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"description"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"A description that provides more details and context about the Mitigation."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"string"})})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"x_mitre_domains"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The technology domains to which the ATT&CK object belongs."}),(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.code,{children:"Array<'enterprise-attack' | 'mobile-attack' | 'ics-attack'>"})," (",(0,i.jsx)(t.em,{children:"min: 1"}),")"]})]}),(0,i.jsxs)(t.tr,{children:[(0,i.jsxs)(t.td,{style:{textAlign:"left"},children:[(0,i.jsx)(t.strong,{children:(0,i.jsx)(t.code,{children:"x_mitre_modified_by_ref"})})," (*)"]}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:"The STIX ID of the MITRE identity object. 
Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations."}),(0,i.jsx)(t.td,{style:{textAlign:"left"},children:(0,i.jsx)(t.code,{children:"any"})})]})]})]}),"\n",(0,i.jsx)(t.p,{children:(0,i.jsx)(t.em,{children:"(*) Required."})})]})}function x(e={}){const{wrapper:t}={...(0,n.R)(),...e.components};return t?(0,i.jsx)(t,{...e,children:(0,i.jsx)(h,{...e})}):h(e)}},8453:(e,t,s)=>{s.d(t,{R:()=>r,x:()=>d});var i=s(6540);const n={},l=i.createContext(n);function r(e){const t=i.useContext(l);return i.useMemo((function(){return"function"==typeof e?e(t):{...t,...e}}),[t,e])}function d(e){let t;return t=e.disableParentContext?"function"==typeof e.components?e.components(n):e.components||n:r(e.components),i.createElement(l.Provider,{value:t},e.children)}}}]); \ No newline at end of file diff --git a/assets/js/f18df1a9.9ab27cac.js b/assets/js/f18df1a9.9ab27cac.js deleted file mode 100644 index 4a635df..0000000 --- a/assets/js/f18df1a9.9ab27cac.js +++ /dev/null 
@@ -1 +0,0 @@ -"use strict";(self.webpackChunkdocusaurus=self.webpackChunkdocusaurus||[]).push([[461],{8538:(t,e,a)=>{a.r(e),a.d(e,{assets:()=>r,contentTitle:()=>s,default:()=>u,frontMatter:()=>i,metadata:()=>c,toc:()=>d});var n=a(4848),o=a(8453);const i={},s="Mitigation Schema",c={id:"sdo/mitigation.schema",title:"Mitigation Schema",description:"",source:"@site/docs/sdo/mitigation.schema.md",sourceDirName:"sdo",slug:"/sdo/mitigation.schema",permalink:"/attack-data-model/docs/sdo/mitigation.schema",draft:!1,unlisted:!1,tags:[],version:"current",frontMatter:{},sidebar:"tutorialSidebar",previous:{title:"Matrix Schema",permalink:"/attack-data-model/docs/sdo/matrix.schema"},next:{title:"Software Schema",permalink:"/attack-data-model/docs/sdo/software.schema"}},r={},d=[];function m(t){const e={h1:"h1",header:"header",...(0,o.R)(),...t.components};return(0,n.jsx)(e.header,{children:(0,n.jsx)(e.h1,{id:"mitigation-schema",children:"Mitigation Schema"})})}function u(t={}){const{wrapper:e}={...(0,o.R)(),...t.components};return e?(0,n.jsx)(e,{...t,children:(0,n.jsx)(m,{...t})}):m(t)}},8453:(t,e,a)=>{a.d(e,{R:()=>s,x:()=>c});var n=a(6540);const o={},i=n.createContext(o);function s(t){const e=n.useContext(i);return n.useMemo((function(){return"function"==typeof t?t(e):{...e,...t}}),[e,t])}function c(t){let e;return e=t.disableParentContext?"function"==typeof t.components?t.components(o):t.components||o:s(t.components),n.createElement(i.Provider,{value:e},t.children)}}}]); \ No newline at end of file diff --git a/assets/js/runtime~main.05fa75c1.js b/assets/js/runtime~main.05fa75c1.js new file mode 100644 index 0000000..b199fc2 --- /dev/null +++ b/assets/js/runtime~main.05fa75c1.js 
@@ -0,0 +1 @@ +(()=>{"use strict";var e,a,t,r,f,d={},c={};function o(e){var a=c[e];if(void 0!==a)return a.exports;var t=c[e]={id:e,loaded:!1,exports:{}};return d[e].call(t.exports,t,t.exports,o),t.loaded=!0,t.exports}o.m=d,o.c=c,e=[],o.O=(a,t,r,f)=>{if(!t){var d=1/0;for(i=0;i=f)&&Object.keys(o.O).every((e=>o.O[e](t[b])))?t.splice(b--,1):(c=!1,f0&&e[i-1][2]>f;i--)e[i]=e[i-1];e[i]=[t,r,f]},o.n=e=>{var a=e&&e.__esModule?()=>e.default:()=>e;return o.d(a,{a:a}),a},t=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,o.t=function(e,r){if(1&r&&(e=this(e)),8&r)return e;if("object"==typeof e&&e){if(4&r&&e.__esModule)return e;if(16&r&&"function"==typeof e.then)return e}var f=Object.create(null);o.r(f);var d={};a=a||[null,t({}),t([]),t(t)];for(var c=2&r&&e;"object"==typeof c&&!~a.indexOf(c);c=t(c))Object.getOwnPropertyNames(c).forEach((a=>d[a]=()=>e[a]));return d.default=()=>e,o.d(f,d),f},o.d=(e,a)=>{for(var t in a)o.o(a,t)&&!o.o(e,t)&&Object.defineProperty(e,t,{enumerable:!0,get:a[t]})},o.f={},o.e=e=>Promise.all(Object.keys(o.f).reduce(((a,t)=>(o.f[t](e,a),a)),[])),o.u=e=>"assets/js/"+({19:"64a2cd0f",48:"a94703ab",52:"320f0fb2",69:"77eecdb5",77:"05907113",98:"a7bd4aaa",212:"621db11d",216:"cbeda633",235:"a7456010",249:"ccc49370",250:"65ac31b8",274:"d0a75e10",401:"17896441",413:"1db64337",456:"ce55f748",461:"f18df1a9",472:"814f3328",477:"a6495bc2",478:"219f03bb",583:"1df93b7f",620:"3f548cca",628:"8de5005f",641:"b60462fd",643:"a6aa9e1f",647:"5e95c892",702:"bf2461d0",711:"9e4087bc",742:"aba21aa0",765:"12a2b8d0",775:"168a7715",799:"225bffaf",822:"60fafb26",856:"d4341706",858:"36994c47",903:"acecf23e",907:"7f1231b0",937:"a74c01bf"}[e]||e)+"."+{19:"cfbe6157",48:"196914dc",52:"a9bd3236",69:"8967824d",77:"4c2b4fbf",98:"5680b470",212:"eafaf511",216:"e2ce3ac3",235:"4bee100d",237:"8bb8b27e",249:"bc78b04b",250:"31c32edc",274:"65851f80",401:"7d0c3df0",413:"3074e5f6",456:"d95da42b",461:"083c4efb",472:"789d8d13",477:"e58e8070",478:"a43c4b3e",531:"c2fcb353",554:"a3d64260",583:"5
6f2f13c",620:"2afcb332",628:"8567666d",641:"c0563616",643:"a6fd95f7",647:"8dea23b8",702:"84b49ee0",711:"bdae5c5e",742:"3de8bd8d",765:"f977506c",775:"32be5472",799:"6aa345ca",822:"964825f1",856:"4c328ecd",858:"4921b71e",903:"bb0a47de",907:"fe121793",937:"8e9357d7"}[e]+".js",o.miniCssF=e=>{},o.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),o.o=(e,a)=>Object.prototype.hasOwnProperty.call(e,a),r={},f="docusaurus:",o.l=(e,a,t,d)=>{if(r[e])r[e].push(a);else{var c,b;if(void 0!==t)for(var n=document.getElementsByTagName("script"),i=0;i{c.onerror=c.onload=null,clearTimeout(s);var f=r[e];if(delete r[e],c.parentNode&&c.parentNode.removeChild(c),f&&f.forEach((e=>e(t))),a)return a(t)},s=setTimeout(l.bind(null,void 0,{type:"timeout",target:c}),12e4);c.onerror=l.bind(null,c.onerror),c.onload=l.bind(null,c.onload),b&&document.head.appendChild(c)}},o.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},o.p="/attack-data-model/",o.gca=function(e){return e={17896441:"401","64a2cd0f":"19",a94703ab:"48","320f0fb2":"52","77eecdb5":"69","05907113":"77",a7bd4aaa:"98","621db11d":"212",cbeda633:"216",a7456010:"235",ccc49370:"249","65ac31b8":"250",d0a75e10:"274","1db64337":"413",ce55f748:"456",f18df1a9:"461","814f3328":"472",a6495bc2:"477","219f03bb":"478","1df93b7f":"583","3f548cca":"620","8de5005f":"628",b60462fd:"641",a6aa9e1f:"643","5e95c892":"647",bf2461d0:"702","9e4087bc":"711",aba21aa0:"742","12a2b8d0":"765","168a7715":"775","225bffaf":"799","60fafb26":"822",d4341706:"856","36994c47":"858",acecf23e:"903","7f1231b0":"907",a74c01bf:"937"}[e]||e,o.p+o.u(e)},(()=>{var e={354:0,869:0};o.f.j=(a,t)=>{var r=o.o(e,a)?e[a]:void 0;if(0!==r)if(r)t.push(r[2]);else if(/^(354|869)$/.test(a))e[a]=0;else{var f=new Promise(((t,f)=>r=e[a]=[t,f]));t.push(r[2]=f);var 
d=o.p+o.u(a),c=new Error;o.l(d,(t=>{if(o.o(e,a)&&(0!==(r=e[a])&&(e[a]=void 0),r)){var f=t&&("load"===t.type?"missing":t.type),d=t&&t.target&&t.target.src;c.message="Loading chunk "+a+" failed.\n("+f+": "+d+")",c.name="ChunkLoadError",c.type=f,c.request=d,r[1](c)}}),"chunk-"+a,a)}},o.O.j=a=>0===e[a];var a=(a,t)=>{var r,f,d=t[0],c=t[1],b=t[2],n=0;if(d.some((a=>0!==e[a]))){for(r in c)o.o(c,r)&&(o.m[r]=c[r]);if(b)var i=b(o)}for(a&&a(t);n{"use strict";var e,a,t,r,f,d={},o={};function c(e){var a=o[e];if(void 0!==a)return a.exports;var t=o[e]={id:e,loaded:!1,exports:{}};return d[e].call(t.exports,t,t.exports,c),t.loaded=!0,t.exports}c.m=d,c.c=o,e=[],c.O=(a,t,r,f)=>{if(!t){var d=1/0;for(i=0;i=f)&&Object.keys(c.O).every((e=>c.O[e](t[b])))?t.splice(b--,1):(o=!1,f0&&e[i-1][2]>f;i--)e[i]=e[i-1];e[i]=[t,r,f]},c.n=e=>{var a=e&&e.__esModule?()=>e.default:()=>e;return c.d(a,{a:a}),a},t=Object.getPrototypeOf?e=>Object.getPrototypeOf(e):e=>e.__proto__,c.t=function(e,r){if(1&r&&(e=this(e)),8&r)return e;if("object"==typeof e&&e){if(4&r&&e.__esModule)return e;if(16&r&&"function"==typeof e.then)return e}var f=Object.create(null);c.r(f);var d={};a=a||[null,t({}),t([]),t(t)];for(var o=2&r&&e;"object"==typeof o&&!~a.indexOf(o);o=t(o))Object.getOwnPropertyNames(o).forEach((a=>d[a]=()=>e[a]));return d.default=()=>e,c.d(f,d),f},c.d=(e,a)=>{for(var t in 
a)c.o(a,t)&&!c.o(e,t)&&Object.defineProperty(e,t,{enumerable:!0,get:a[t]})},c.f={},c.e=e=>Promise.all(Object.keys(c.f).reduce(((a,t)=>(c.f[t](e,a),a)),[])),c.u=e=>"assets/js/"+({19:"64a2cd0f",48:"a94703ab",52:"320f0fb2",69:"77eecdb5",77:"05907113",98:"a7bd4aaa",212:"621db11d",216:"cbeda633",235:"a7456010",249:"ccc49370",250:"65ac31b8",274:"d0a75e10",401:"17896441",413:"1db64337",456:"ce55f748",461:"f18df1a9",472:"814f3328",477:"a6495bc2",478:"219f03bb",583:"1df93b7f",620:"3f548cca",628:"8de5005f",641:"b60462fd",643:"a6aa9e1f",647:"5e95c892",702:"bf2461d0",711:"9e4087bc",742:"aba21aa0",765:"12a2b8d0",775:"168a7715",799:"225bffaf",822:"60fafb26",856:"d4341706",858:"36994c47",903:"acecf23e",907:"7f1231b0",937:"a74c01bf"}[e]||e)+"."+{19:"028ab007",48:"196914dc",52:"8942a67e",69:"ec3d595a",77:"ca821053",98:"5680b470",212:"eafaf511",216:"9208e3aa",235:"4bee100d",237:"8bb8b27e",249:"bc78b04b",250:"31cc6ee5",274:"f5524e2e",401:"7d0c3df0",413:"3074e5f6",456:"6a252396",461:"9ab27cac",472:"05dd9d81",477:"e58e8070",478:"219555c7",531:"c2fcb353",554:"a3d64260",583:"56f2f13c",620:"737ff296",628:"283ddf73",641:"c1926a5e",643:"a6fd95f7",647:"8dea23b8",702:"d9b64d00",711:"bdae5c5e",742:"3de8bd8d",765:"f2a0a6bf",775:"6a0e03ad",799:"f484ef37",822:"ab1ffe77",856:"00b9ceba",858:"4921b71e",903:"bb0a47de",907:"f4a5ab59",937:"8e9357d7"}[e]+".js",c.miniCssF=e=>{},c.g=function(){if("object"==typeof globalThis)return globalThis;try{return this||new Function("return this")()}catch(e){if("object"==typeof window)return window}}(),c.o=(e,a)=>Object.prototype.hasOwnProperty.call(e,a),r={},f="docusaurus:",c.l=(e,a,t,d)=>{if(r[e])r[e].push(a);else{var o,b;if(void 0!==t)for(var n=document.getElementsByTagName("script"),i=0;i{o.onerror=o.onload=null,clearTimeout(s);var f=r[e];if(delete r[e],o.parentNode&&o.parentNode.removeChild(o),f&&f.forEach((e=>e(t))),a)return a(t)},s=setTimeout(l.bind(null,void 
0,{type:"timeout",target:o}),12e4);o.onerror=l.bind(null,o.onerror),o.onload=l.bind(null,o.onload),b&&document.head.appendChild(o)}},c.r=e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},c.p="/attack-data-model/",c.gca=function(e){return e={17896441:"401","64a2cd0f":"19",a94703ab:"48","320f0fb2":"52","77eecdb5":"69","05907113":"77",a7bd4aaa:"98","621db11d":"212",cbeda633:"216",a7456010:"235",ccc49370:"249","65ac31b8":"250",d0a75e10:"274","1db64337":"413",ce55f748:"456",f18df1a9:"461","814f3328":"472",a6495bc2:"477","219f03bb":"478","1df93b7f":"583","3f548cca":"620","8de5005f":"628",b60462fd:"641",a6aa9e1f:"643","5e95c892":"647",bf2461d0:"702","9e4087bc":"711",aba21aa0:"742","12a2b8d0":"765","168a7715":"775","225bffaf":"799","60fafb26":"822",d4341706:"856","36994c47":"858",acecf23e:"903","7f1231b0":"907",a74c01bf:"937"}[e]||e,c.p+c.u(e)},(()=>{var e={354:0,869:0};c.f.j=(a,t)=>{var r=c.o(e,a)?e[a]:void 0;if(0!==r)if(r)t.push(r[2]);else if(/^(354|869)$/.test(a))e[a]=0;else{var f=new Promise(((t,f)=>r=e[a]=[t,f]));t.push(r[2]=f);var d=c.p+c.u(a),o=new Error;c.l(d,(t=>{if(c.o(e,a)&&(0!==(r=e[a])&&(e[a]=void 0),r)){var f=t&&("load"===t.type?"missing":t.type),d=t&&t.target&&t.target.src;o.message="Loading chunk "+a+" failed.\n("+f+": "+d+")",o.name="ChunkLoadError",o.type=f,o.request=d,r[1](o)}}),"chunk-"+a,a)}},c.O.j=a=>0===e[a];var a=(a,t)=>{var r,f,d=t[0],o=t[1],b=t[2],n=0;if(d.some((a=>0!==e[a]))){for(r in o)c.o(o,r)&&(c.m[r]=o[r]);if(b)var i=b(c)}for(a&&a(t);n Archive | MITRE ATT&CK Data Model - + diff --git a/blog/authors/index.html b/blog/authors/index.html index 77ccabf..ea016db 100644 --- a/blog/authors/index.html +++ b/blog/authors/index.html @@ -4,7 +4,7 @@ Authors | MITRE ATT&CK Data Model - + diff --git a/blog/index.html b/blog/index.html index 285c4f8..8f3f30b 100644 --- a/blog/index.html +++ b/blog/index.html 
@@ -3,12 +3,12 @@ -Blog | MITRE ATT&CK Data Model - +Blog | MITRE ATT&CK Data Model + -

ATT&CK v16 - October 2024

MITRE ATT&CK
A knowledge base for describing the behavior of adversaries

The following issues are known discrepancies and non-compliance within the current ATT&CK knowledge base. +

ATT&CK v16 - October 2024

MITRE ATT&CK
A knowledge base for describing the behavior of adversaries

The following issues are known discrepancies and non-compliance within the current ATT&CK knowledge base. These issues reflect elements that do not conform to the Zod schemas and require changes to bring the knowledge base into full compliance. Your understanding and patience are appreciated as we work to make improvements.

diff --git a/blog/known-issues/index.html b/blog/known-issues/index.html index 256ce96..6f9df51 100644 --- a/blog/known-issues/index.html +++ b/blog/known-issues/index.html @@ -3,12 +3,12 @@ -ATT&CK v16 - October 2024 | MITRE ATT&CK Data Model - +ATT&CK v16 - October 2024 | MITRE ATT&CK Data Model + -

ATT&CK v16 - October 2024

MITRE ATT&CK
A knowledge base for describing the behavior of adversaries

The following issues are known discrepancies and non-compliance within the current ATT&CK knowledge base. +

ATT&CK v16 - October 2024

MITRE ATT&CK
A knowledge base for describing the behavior of adversaries

The following issues are known discrepancies and non-compliance within the current ATT&CK knowledge base. These issues reflect elements that do not conform to the Zod schemas and require changes to bring the knowledge base into full compliance. Your understanding and patience are appreciated as we work to make improvements.

diff --git a/blog/rss.xml b/blog/rss.xml index 27fc9b1..f73f329 100644 --- a/blog/rss.xml +++ b/blog/rss.xml @@ -4,7 +4,7 @@ MITRE ATT&CK Data Model Blog https://mitre-attack.github.io/attack-data-model/blog MITRE ATT&CK Data Model Blog - Mon, 21 Oct 2024 13:36:06 GMT + Mon, 21 Oct 2024 13:40:45 GMT https://validator.w3.org/feed/docs/rss2.html https://github.com/jpmonette/feed en @@ -12,7 +12,7 @@ <![CDATA[ATT&CK v16 - October 2024]]> https://mitre-attack.github.io/attack-data-model/blog/known-issues https://mitre-attack.github.io/attack-data-model/blog/known-issues - Mon, 21 Oct 2024 13:36:06 GMT + Mon, 21 Oct 2024 13:40:45 GMT The following issues are known discrepancies and non-compliance within the current ATT&CK knowledge base. These issues reflect elements that do not conform to the Zod schemas and require changes to bring the diff --git a/docs/overview/index.html b/docs/overview/index.html index e5d06a3..355760f 100644 --- a/docs/overview/index.html +++ b/docs/overview/index.html @@ -4,7 +4,7 @@ Overview | MITRE ATT&CK Data Model - + diff --git a/docs/sdo/asset.schema/index.html b/docs/sdo/asset.schema/index.html index 97b7148..1c50773 100644 --- a/docs/sdo/asset.schema/index.html +++ b/docs/sdo/asset.schema/index.html @@ -3,11 +3,25 @@ -Asset Schema | MITRE ATT&CK Data Model - +Asset Schema | MITRE ATT&CK Data Model + - +

Asset Schema

+

Asset

+

Object containing the following properties:

+
PropertyDescriptionType
id (*)any
type (*)'x-mitre-asset'
spec_version (*)The version of the STIX specification used to represent this object.'2.0' | '2.1'
created (*)The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond.any
modified (*)The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest millisecond.any
created_by_ref (*)The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous.any
labelsThe labels property specifies a set of terms used to describe this object.Array<string>
revokedThe revoked property indicates whether the object has been revoked.boolean
confidencenumber (int, ≥1, ≤99)
langIdentifies the language of the text content in this object.string
external_references (*)A list of external references which refers to non-STIX information.Array of at least 1 objects:
  • source_name: string
  • description: string
  • url: string (url)
  • external_id: string
object_marking_refs (*)The list of marking-definition objects to be applied to this object.Array<any>
granular_markingsThe set of granular markings that apply to this object.Array of objects:
  • marking_ref: any - Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.
  • selectors: Array<string>
extensionsSpecifies any extensions of the object, as a dictionary.Object with dynamic keys of type string and values of type Object with properties:
  • extension_type: string
  • extension_properties: Object with dynamic keys of type string and values of type unknown (optional & nullable)
or Object with dynamic keys of type string and values of type unknown (optional & nullable)
name (*)The name of the object.string (min length: 1)
x_mitre_attack_spec_version (*)The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions.string
x_mitre_version (*)Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. This property does not apply to relationship objects.any
x_mitre_old_attack_idOld ATT&CK IDs that may have been associated with this objectstring
x_mitre_deprecatedIndicates whether the object has been deprecated.boolean
descriptionA description of the object.string
x_mitre_platformsList of platforms that apply to the object.Array<'Field Controller/RTU/PLC/IED' | 'Network' | 'Data Historian' | 'Google Workspace' | 'Office 365' | 'Containers' | 'Azure AD' | 'Engineering Workstation' | 'Control Server' | 'Human-Machine Interface' | 'Windows' | 'Linux' | 'IaaS' | 'None' | 'iOS' | 'PRE' | 'SaaS' | 'Input/Output Server' | 'macOS' | 'Android' | ...> (min: 1)
x_mitre_domains (*)The technology domains to which the ATT&CK object belongs.Array<'enterprise-attack' | 'mobile-attack' | 'ics-attack'> (min: 1)
x_mitre_contributorsPeople and organizations who have contributed to the object. Not found on relationship objects.Array<string>
x_mitre_sectorsList of industry sector(s) an asset may be commonly observed in.XMitreSectors
x_mitre_related_assetsRelated assets describe sector specific device names or alias that may be commonly associated with the primary asset page name or functional description. Related asset objects include a description of how the related asset is associated with the page definition.RelatedAssets
x_mitre_modified_by_refThe STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations.any
+

(*) Required.

+

RelatedAsset

+

Object containing the following properties:

+
PropertyDescriptionType
name (*)string
related_asset_sectorsList of industry sector(s) an asset may be commonly observed in.XMitreSectors
descriptionA description of the object.string
+

(*) Required.

+

RelatedAssets

+

Related assets describe sector specific device names or alias that may be commonly associated with the primary asset page name or functional description. Related asset objects include a description of how the related asset is associated with the page definition.

+

Array of RelatedAsset items.

+

XMitreSectors

+

List of industry sector(s) an asset may be commonly observed in.

+

Array of 'Electric' | 'Water and Wastewater' | 'Manufacturing' | 'Rail' | 'Maritime' | 'General' items.

\ No newline at end of file diff --git a/docs/sdo/campaign.schema/index.html b/docs/sdo/campaign.schema/index.html index dabed41..84fe3a3 100644 --- a/docs/sdo/campaign.schema/index.html +++ b/docs/sdo/campaign.schema/index.html @@ -3,11 +3,21 @@ -Campaign Schema | MITRE ATT&CK Data Model - +Campaign Schema | MITRE ATT&CK Data Model + - +

Campaign Schema

+

Campaign

+

Object containing the following properties:

+
PropertyDescriptionType
id (*)any
type (*)'campaign'
spec_version (*)The version of the STIX specification used to represent this object.'2.0' | '2.1'
created (*)The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond.any
modified (*)The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest millisecond.any
created_by_ref (*)The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous.any
labelsThe labels property specifies a set of terms used to describe this object.Array<string>
revoked (*)The revoked property indicates whether the object has been revoked.boolean
confidencenumber (int, ≥1, ≤99)
langIdentifies the language of the text content in this object.string
external_references (*)A list of external references which refers to non-STIX information.Array of at least 1 objects:
  • source_name: string
  • description: string
  • url: string (url)
  • external_id: string
object_marking_refs (*)The list of marking-definition objects to be applied to this object.Array<any>
granular_markingsThe set of granular markings that apply to this object.Array of objects:
  • marking_ref: any - Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.
  • selectors: Array<string>
extensionsSpecifies any extensions of the object, as a dictionary.Object with dynamic keys of type string and values of type Object with properties:
  • extension_type: string
  • extension_properties: Object with dynamic keys of type string and values of type unknown (optional & nullable)
or Object with dynamic keys of type string and values of type unknown (optional & nullable)
name (*)The name of the object.string (min length: 1)
x_mitre_attack_spec_version (*)The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions.string
x_mitre_version (*)Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. This property does not apply to relationship objects.any
x_mitre_old_attack_idOld ATT&CK IDs that may have been associated with this objectstring
x_mitre_deprecated (*)Indicates whether the object has been deprecated.boolean
description (*)A description of the object.string
x_mitre_domains (*)The technology domains to which the ATT&CK object belongs.Array<'enterprise-attack' | 'mobile-attack' | 'ics-attack'> (min: 1)
x_mitre_modified_by_ref (*)The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations.any
x_mitre_contributorsPeople and organizations who have contributed to the object. Not found on relationship objects.Array<string>
aliases (*)Alternative names used to identify this campaign. The first alias must match the object's name.Array<string>
first_seen (*)The time that this Campaign was first seen.any
last_seen (*)The time that this Campaign was last seen.any
x_mitre_first_seen_citation (*)One or more citations for when the object was first seen, in the form '(Citation: [citation name])(Citation: [citation name])...', where each [citation name] can be found as one of the source_name values in the external_references.XMitreFirstSeenCitation
x_mitre_last_seen_citation (*)One or more citations for when the object was last seen, in the form '(Citation: [citation name])(Citation: [citation name])...', where each [citation name] can be found as one of the source_name values in the external_references.XMitreLastSeenCitation
+

(*) Required.

+

XMitreFirstSeenCitation

+

One or more citations for when the object was first seen, in the form '(Citation: [citation name])(Citation: [citation name])...', where each [citation name] can be found as one of the source_name values in the external_references.

+

Any type.

+

XMitreLastSeenCitation

+

One or more citations for when the object was last seen, in the form '(Citation: [citation name])(Citation: [citation name])...', where each [citation name] can be found as one of the source_name values in the external_references.

+

Any type.

\ No newline at end of file diff --git a/docs/sdo/collection.schema/index.html b/docs/sdo/collection.schema/index.html index 8333e28..5145922 100644 --- a/docs/sdo/collection.schema/index.html +++ b/docs/sdo/collection.schema/index.html @@ -3,11 +3,22 @@ -Collection Schema | MITRE ATT&CK Data Model - +Collection Schema | MITRE ATT&CK Data Model + - +

Collection Schema

+

Collection

+

Object containing the following properties:

+
PropertyDescriptionType
id (*)any
type (*)'x-mitre-collection'
spec_version (*)The version of the STIX specification used to represent this object.'2.0' | '2.1'
created (*)The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond.any
modified (*)The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest millisecond.any
created_by_ref (*)The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous.any
labelsThe labels property specifies a set of terms used to describe this object.Array<string>
revokedThe revoked property indicates whether the object has been revoked.boolean
confidencenumber (int, ≥1, ≤99)
langIdentifies the language of the text content in this object.string
external_referencesA list of external references which refers to non-STIX information.Array of at least 1 objects:
  • source_name: string
  • description: string
  • url: string (url)
  • external_id: string
object_marking_refs (*)The list of marking-definition objects to be applied to this object.Array<any>
granular_markingsThe set of granular markings that apply to this object.Array of objects:
  • marking_ref: any - Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.
  • selectors: Array<string>
extensionsSpecifies any extensions of the object, as a dictionary.Object with dynamic keys of type string and values of type Object with properties:
  • extension_type: string
  • extension_properties: Object with dynamic keys of type string and values of type unknown (optional & nullable)
or Object with dynamic keys of type string and values of type unknown (optional & nullable)
name (*)The name of the object.string (min length: 1)
x_mitre_attack_spec_version (*)The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions.string
x_mitre_version (*)Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. This property does not apply to relationship objects.any
x_mitre_old_attack_idOld ATT&CK IDs that may have been associated with this objectstring
x_mitre_deprecatedIndicates whether the object has been deprecated.boolean
description (*)Details, context, and explanation about the purpose or contents of the collection.string
x_mitre_contents (*)Specifies the objects contained within the collection.XMitreContents
+

(*) Required.

+

ObjectVersionReference

+

Object containing the following properties:

+
PropertyDescriptionType
object_ref (*)The ID of the referenced object.any
object_modified (*)The modified time of the referenced object. It MUST be an exact match for the modified time of the STIX object being referenced.any
+

(*) Required.

+

XMitreContents

+

Specifies the objects contained within the collection.

+

Array of at least 1 ObjectVersionReference items.

\ No newline at end of file diff --git a/docs/sdo/data-component.schema/index.html b/docs/sdo/data-component.schema/index.html index 5e8f84e..ed8bac7 100644 --- a/docs/sdo/data-component.schema/index.html +++ b/docs/sdo/data-component.schema/index.html @@ -3,11 +3,18 @@ -Data component Schema | MITRE ATT&CK Data Model - +Data component Schema | MITRE ATT&CK Data Model + - +

Data component Schema

+

DataComponent

+

Object containing the following properties:

+
PropertyDescriptionType
id (*)any
type (*)'x-mitre-data-component'
spec_version (*)The version of the STIX specification used to represent this object.'2.0' | '2.1'
created (*)The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond.any
modified (*)The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest millisecond.any
created_by_ref (*)The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous.any
labelsThe labels property specifies a set of terms used to describe this object.Array<string>
revokedThe revoked property indicates whether the object has been revoked.boolean
confidencenumber (int, ≥1, ≤99)
langIdentifies the language of the text content in this object.string
external_referencesA list of external references which refers to non-STIX information.Array of at least 1 objects:
  • source_name: string
  • description: string
  • url: string (url)
  • external_id: string
object_marking_refs (*)The list of marking-definition objects to be applied to this object.Array<any>
granular_markingsThe set of granular markings that apply to this object.Array of objects:
  • marking_ref: any - Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.
  • selectors: Array<string>
extensionsSpecifies any extensions of the object, as a dictionary.Object with dynamic keys of type string and values of type Object with properties:
  • extension_type: string
  • extension_properties: Object with dynamic keys of type string and values of type unknown (optional & nullable)
or Object with dynamic keys of type string and values of type unknown (optional & nullable)
name (*)The name of the object.string (min length: 1)
x_mitre_attack_spec_version (*)The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions.string
x_mitre_version (*)Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. This property does not apply to relationship objects.any
x_mitre_old_attack_idOld ATT&CK IDs that may have been associated with this objectstring
x_mitre_deprecatedIndicates whether the object has been deprecated.boolean
description (*)A description of the object.string
x_mitre_domains (*)The technology domains to which the ATT&CK object belongs.Array<'enterprise-attack' | 'mobile-attack' | 'ics-attack'> (min: 1)
x_mitre_modified_by_ref (*)The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations.any
x_mitre_data_source_ref (*)STIX ID of the data source this component is a part of.XMitreDataSourceRef
+

(*) Required.

+

XMitreDataSourceRef

+

STIX ID of the data source this component is a part of.

+

Any type.

\ No newline at end of file diff --git a/docs/sdo/data-source.schema/index.html b/docs/sdo/data-source.schema/index.html index 42576eb..5f484b5 100644 --- a/docs/sdo/data-source.schema/index.html +++ b/docs/sdo/data-source.schema/index.html @@ -3,11 +3,18 @@ -Data source Schema | MITRE ATT&CK Data Model - +Data source Schema | MITRE ATT&CK Data Model + - +

Data source Schema

+

DataSource

+

Object containing the following properties:

+
PropertyDescriptionType
id (*)any
type (*)'x-mitre-data-source'
spec_version (*)The version of the STIX specification used to represent this object.'2.0' | '2.1'
created (*)The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond.any
modified (*)The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest millisecond.any
created_by_ref (*)The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous.any
labelsThe labels property specifies a set of terms used to describe this object.Array<string>
revokedThe revoked property indicates whether the object has been revoked.boolean
confidencenumber (int, ≥1, ≤99)
langIdentifies the language of the text content in this object.string
external_references (*)A list of external references which refers to non-STIX information.Array of at least 1 objects:
  • source_name: string
  • description: string
  • url: string (url)
  • external_id: string
object_marking_refs (*)The list of marking-definition objects to be applied to this object.Array<any>
granular_markingsThe set of granular markings that apply to this object.Array of objects:
  • marking_ref: any - Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.
  • selectors: Array<string>
extensionsSpecifies any extensions of the object, as a dictionary.Object with dynamic keys of type string and values of type Object with properties:
  • extension_type: string
  • extension_properties: Object with dynamic keys of type string and values of type unknown (optional & nullable)
or Object with dynamic keys of type string and values of type unknown (optional & nullable)
name (*)The name of the object.string (min length: 1)
x_mitre_attack_spec_version (*)The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions.string
x_mitre_version (*)Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. This property does not apply to relationship objects.any
x_mitre_old_attack_idOld ATT&CK IDs that may have been associated with this objectstring
x_mitre_deprecatedIndicates whether the object has been deprecated.boolean
description (*)A description of the object.string
x_mitre_platformsList of platforms that apply to the object.Array<'Field Controller/RTU/PLC/IED' | 'Network' | 'Data Historian' | 'Google Workspace' | 'Office 365' | 'Containers' | 'Azure AD' | 'Engineering Workstation' | 'Control Server' | 'Human-Machine Interface' | 'Windows' | 'Linux' | 'IaaS' | 'None' | 'iOS' | 'PRE' | 'SaaS' | 'Input/Output Server' | 'macOS' | 'Android' | ...> (min: 1)
x_mitre_domains (*)The technology domains to which the ATT&CK object belongs.Array<'enterprise-attack' | 'mobile-attack' | 'ics-attack'> (min: 1)
x_mitre_modified_by_ref (*)The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations.any
x_mitre_contributorsPeople and organizations who have contributed to the object. Not found on relationship objects.Array<string>
x_mitre_collection_layers (*)List of places the data can be collected from.XMitreCollectionLayers
+

(*) Required.

+

XMitreCollectionLayers

+

List of places the data can be collected from.

+

Array of 'Cloud Control Plane' | 'Host' | 'Report' | 'Container' | 'Device' | 'OSINT' | 'Network' items.

\ No newline at end of file diff --git a/docs/sdo/group.schema/index.html b/docs/sdo/group.schema/index.html index 563c189..8cee0d0 100644 --- a/docs/sdo/group.schema/index.html +++ b/docs/sdo/group.schema/index.html @@ -3,11 +3,15 @@ -Group Schema | MITRE ATT&CK Data Model - +Group Schema | MITRE ATT&CK Data Model + - +

Group Schema

+

Group

+

Object containing the following properties:

+
PropertyDescriptionType
id (*)any
type (*)'intrusion-set'
spec_version (*)The version of the STIX specification used to represent this object.'2.0' | '2.1'
created (*)The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond.any
modified (*)The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest millisecond.any
created_by_refThe created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous.any
labelsThe labels property specifies a set of terms used to describe this object.Array<string>
revokedThe revoked property indicates whether the object has been revoked.boolean
confidencenumber (int, ≥1, ≤99)
langIdentifies the language of the text content in this object.string
external_references (*)A list of external references which refers to non-STIX information.Array of at least 1 objects:
  • source_name: string
  • description: string
  • url: string (url)
  • external_id: string
object_marking_refsThe list of marking-definition objects to be applied to this object.Array<any>
granular_markingsThe set of granular markings that apply to this object.Array of objects:
  • marking_ref: any - Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.
  • selectors: Array<string>
extensionsSpecifies any extensions of the object, as a dictionary.Object with dynamic keys of type string and values of type Object with properties:
  • extension_type: string
  • extension_properties: Object with dynamic keys of type string and values of type unknown (optional & nullable)
or Object with dynamic keys of type string and values of type unknown (optional & nullable)
name (*)The name of the object.string (min length: 1)
x_mitre_attack_spec_version (*)The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions.string
x_mitre_version (*)Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. This property does not apply to relationship objects.any
x_mitre_old_attack_idOld ATT&CK IDs that may have been associated with this objectstring
x_mitre_deprecatedIndicates whether the object has been deprecated.boolean
descriptionA description that provides more details and context about the Intrusion Set, potentially including its purpose and its key characteristics.string
x_mitre_domains (*)The technology domains to which the ATT&CK object belongs.Array<'enterprise-attack' | 'mobile-attack' | 'ics-attack'> (min: 1)
x_mitre_contributorsArray<string>
x_mitre_modified_by_refThe STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations.any
aliasesAlternative names used to identify this group. The first alias must match the object's name.Array<string>
first_seenThe time that this Intrusion Set was first seen.any
last_seenThe time that this Intrusion Set was last seen.any
goalsThe high-level goals of this Intrusion Set, namely, what are they trying to do.Array<string>
resource_levelThis property specifies the organizational level at which this Intrusion Set typically works, which in turn determines the resources available to this Intrusion Set for use in an attack.'individual' | 'club' | 'contest' | 'team' | 'organization' | 'government'
primary_motivationThe primary reason, motivation, or purpose behind this Intrusion Set.'accidental' | 'coercion' | 'dominance' | 'ideology' | 'notoriety' | 'organizational-gain' | 'personal-gain' | 'personal-satisfaction' | 'revenge' | 'unpredictable'
secondary_motivationsThe secondary reasons, motivations, or purposes behind this Intrusion Set.Array<'accidental' | 'coercion' | 'dominance' | 'ideology' | 'notoriety' | 'organizational-gain' | 'personal-gain' | 'personal-satisfaction' | 'revenge' | 'unpredictable'>
+

(*) Required.

\ No newline at end of file diff --git a/docs/sdo/identity.schema/index.html b/docs/sdo/identity.schema/index.html index 7417cb2..6c1d099 100644 --- a/docs/sdo/identity.schema/index.html +++ b/docs/sdo/identity.schema/index.html @@ -3,11 +3,15 @@ -Identity Schema | MITRE ATT&CK Data Model - +Identity Schema | MITRE ATT&CK Data Model + - +

Identity Schema

+

Identity

+

Object containing the following properties:

+
PropertyDescriptionType
id (*)any
type (*)'identity'
spec_version (*)The version of the STIX specification used to represent this object.'2.0' | '2.1'
created (*)The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond.any
modified (*)The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest millisecond.any
created_by_refThe created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous.any
labelsThe labels property specifies a set of terms used to describe this object.Array<string>
revokedThe revoked property indicates whether the object has been revoked.boolean
confidencenumber (int, ≥1, ≤99)
langIdentifies the language of the text content in this object.string
external_referencesA list of external references which refers to non-STIX information.Array of at least 1 objects:
  • source_name: string
  • description: string
  • url: string (url)
  • external_id: string
object_marking_refs (*)The list of marking-definition objects to be applied to this object.Array<any>
granular_markingsThe set of granular markings that apply to this object.Array of objects:
  • marking_ref: any - Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.
  • selectors: Array<string>
extensionsSpecifies any extensions of the object, as a dictionary.Object with dynamic keys of type string and values of type Object with properties:
  • extension_type: string
  • extension_properties: Object with dynamic keys of type string and values of type unknown (optional & nullable)
or Object with dynamic keys of type string and values of type unknown (optional & nullable)
name (*)The name of the object.string (min length: 1)
x_mitre_attack_spec_version (*)The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions.string
x_mitre_version (*)Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. This property does not apply to relationship objects.any
x_mitre_old_attack_idOld ATT&CK IDs that may have been associated with this objectstring
x_mitre_deprecatedIndicates whether the object has been deprecated.boolean
identity_class (*)The type of entity that this Identity describes, e.g., an individual or organization. This is an open vocabulary and the values SHOULD come from the identity-class-ov vocabulary.'individual' | 'group' | 'system' | 'organization' | 'class' | 'unspecified'
x_mitre_domains (*)The technology domains to which the ATT&CK object belongs.Array<'enterprise-attack' | 'mobile-attack' | 'ics-attack'> (min: 1)
descriptionA description of the object.string
rolesThe list of roles that this Identity performs.Array<string>
sectorsThe list of industry sectors that this Identity belongs to. This is an open vocabulary and values SHOULD come from the industry-sector-ov vocabulary.Array<'agriculture' | 'aerospace' | 'automotive' | 'chemical' | 'commercial' | 'communications' | 'construction' | 'defense' | 'education' | 'energy' | 'entertainment' | 'financial-services' | 'government' | 'government-emergency-services' | 'government-local' | 'government-national' | 'government-public-services' | 'government-regional' | 'healthcare' | 'hospitality-leisure' | ...>
contact_informationThe contact information (e-mail, phone number, etc.) for this Identity.string
+

(*) Required.

\ No newline at end of file diff --git a/docs/sdo/malware.schema/index.html b/docs/sdo/malware.schema/index.html index 771485a..c838993 100644 --- a/docs/sdo/malware.schema/index.html +++ b/docs/sdo/malware.schema/index.html @@ -3,11 +3,21 @@ -Malware Schema | MITRE ATT&CK Data Model - +Malware Schema | MITRE ATT&CK Data Model + - +

Malware Schema

+

Malware

+

Object containing the following properties:

+
PropertyDescriptionType
id (*)any
type (*)'malware'
spec_version (*)The version of the STIX specification used to represent this object.'2.0' | '2.1'
created (*)The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond.any
modified (*)The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest millisecond.any
created_by_ref (*)The ID of the Source object that describes who created this object.any
labelsThe labels property specifies a set of terms used to describe this object.Array<string>
revokedThe revoked property indicates whether the object has been revoked.boolean
confidencenumber (int, ≥1, ≤99)
langIdentifies the language of the text content in this object.string
external_references (*)A list of external references which refers to non-STIX information.Array of at least 1 objects:
  • source_name: string
  • description: string
  • url: string (url)
  • external_id: string
object_marking_refs (*)The list of marking-definition objects to be applied to this object.Array<any>
granular_markingsThe set of granular markings that apply to this object.Array of objects:
  • marking_ref: any - Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.
  • selectors: Array<string>
extensionsSpecifies any extensions of the object, as a dictionary.Object with dynamic keys of type string and values of type Object with properties:
  • extension_type: string
  • extension_properties: Object with dynamic keys of type string and values of type unknown (optional & nullable)
or Object with dynamic keys of type string and values of type unknown (optional & nullable)
name (*)The name of the object.string (min length: 1)
x_mitre_attack_spec_version (*)The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions.string
x_mitre_version (*)Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. This property does not apply to relationship objects.any
x_mitre_old_attack_idOld ATT&CK IDs that may have been associated with this objectstring
x_mitre_deprecatedIndicates whether the object has been deprecated.boolean
description (*)A description of the object.string
x_mitre_platformsList of platforms that apply to the object.Array<'Field Controller/RTU/PLC/IED' | 'Network' | 'Data Historian' | 'Google Workspace' | 'Office 365' | 'Containers' | 'Azure AD' | 'Engineering Workstation' | 'Control Server' | 'Human-Machine Interface' | 'Windows' | 'Linux' | 'IaaS' | 'None' | 'iOS' | 'PRE' | 'SaaS' | 'Input/Output Server' | 'macOS' | 'Android' | ...> (min: 1)
x_mitre_contributorsArray<string>
x_mitre_aliasesAlternative names used to identify this software. The first alias must match the object's name.Array<string>
x_mitre_modified_by_ref (*)The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations.any
x_mitre_domains (*)The technology domains to which the ATT&CK object belongs.Array<'enterprise-attack' | 'mobile-attack' | 'ics-attack'> (min: 1)
aliasesAlternative names used to identify this software.Array<string>
is_family (*)Whether the object represents a malware family (if true) or a malware instance (if false)boolean
malware_typesA set of categorizations for the malware being described.Array<'adware' | 'backdoor' | 'bot' | 'bootkit' | 'ddos' | 'downloader' | 'dropper' | 'exploit-kit' | 'keylogger' | 'ransomware' | 'remote-access-trojan' | 'resource-exploitation' | 'rogue-security-software' | 'rootkit' | 'screen-capture' | 'spyware' | 'trojan' | 'virus' | 'webshell' | 'wiper' | ...>
kill_chain_phasesThe list of Kill Chain Phases for which this malware can be used.Array of objects:
  • phase_name: string
  • kill_chain_name: 'mitre-attack' | 'mitre-mobile-attack' | 'mitre-ics-attack'
first_seenThe time that this malware instance or malware family was first seen.any
last_seenThe time that this malware family or malware instance was last seen.any
os_execution_envsThe operating systems that the malware family or malware instance is executable on. This applies to virtualized operating systems as well as those running on bare metal.Array<string>
architecture_execution_envsThe processor architectures (e.g., x86, ARM, etc.) that the malware instance or family is executable on.Array<'alpha' | 'arm' | 'ia-64' | 'mips' | 'powerpc' | 'sparc' | 'x86' | 'x86-64'>
implementation_languagesThe programming language(s) used to implement the malware instance or family.Array<'applescript' | 'bash' | 'c' | 'c++' | 'c#' | 'go' | 'java' | 'javascript' | 'lua' | 'objective-c' | 'perl' | 'php' | 'powershell' | 'python' | 'ruby' | 'scala' | 'swift' | 'typescript' | 'visual-basic' | 'x86-32' | ...>
capabilitiesAny of the capabilities identified for the malware instance or family.Array<'accesses-remote-machines' | 'anti-debugging' | 'anti-disassembly' | 'anti-emulation' | 'anti-memory-forensics' | 'anti-sandbox' | 'anti-vm' | 'captures-input-peripherals' | 'captures-output-peripherals' | 'captures-system-state-data' | 'cleans-traces-of-infection' | 'commits-fraud' | 'communicates-with-c2' | 'compromises-data-integrity' | 'compromises-data-availability' | 'compromises-system-availability' | 'controls-local-machine' | 'degrades-security-software' | 'degrades-system-updates' | 'determines-c2-server' | ...>
sample_refsThe sample_refs property specifies a list of identifiers of the SCO file or artifact objects associated with this malware instance(s) or family.Array<[StixArtifactType](#stixartifacttype) _or_ [StixFileType](#stixfiletype)>
+

(*) Required.

+

StixArtifactType

+

Used to specify the artifact stixType of the sample_refs property.

+

Any type.

+

StixFileType

+

Used to specify the file stixType of the sample_refs property.

+

Any type.

\ No newline at end of file diff --git a/docs/sdo/matrix.schema/index.html b/docs/sdo/matrix.schema/index.html index c349060..9cba350 100644 --- a/docs/sdo/matrix.schema/index.html +++ b/docs/sdo/matrix.schema/index.html @@ -3,11 +3,18 @@ -Matrix Schema | MITRE ATT&CK Data Model - +Matrix Schema | MITRE ATT&CK Data Model + - +

Matrix Schema

+

Matrix

+

Object containing the following properties:

+
PropertyDescriptionType
id (*)any
type (*)'x-mitre-matrix'
spec_version (*)The version of the STIX specification used to represent this object.'2.0' | '2.1'
created (*)The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond.any
modified (*)The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest millisecond.any
created_by_ref (*)The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous.any
labelsThe labels property specifies a set of terms used to describe this object.Array<string>
revokedThe revoked property indicates whether the object has been revoked.boolean
confidencenumber (int, ≥1, ≤99)
langIdentifies the language of the text content in this object.string
external_references (*)A list of external references which refers to non-STIX information.Array of at least 1 objects:
  • source_name: string
  • description: string
  • url: string (url)
  • external_id: string
object_marking_refs (*)The list of marking-definition objects to be applied to this object.Array<any>
granular_markingsThe set of granular markings that apply to this object.Array of objects:
  • marking_ref: any - Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.
  • selectors: Array<string>
extensionsSpecifies any extensions of the object, as a dictionary.Object with dynamic keys of type string and values of type Object with properties:
  • extension_type: string
  • extension_properties: Object with dynamic keys of type string and values of type unknown (optional & nullable)
or Object with dynamic keys of type string and values of type unknown (optional & nullable)
name (*)The name of the object.string (min length: 1)
x_mitre_attack_spec_version (*)The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions.string
x_mitre_version (*)Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. This property does not apply to relationship objects.any
x_mitre_old_attack_idOld ATT&CK IDs that may have been associated with this objectstring
x_mitre_deprecatedIndicates whether the object has been deprecated.boolean
description (*)A description of the object.string
x_mitre_domains (*)The technology domains to which the ATT&CK object belongs.Array<'enterprise-attack' | 'mobile-attack' | 'ics-attack'> (min: 1)
x_mitre_modified_by_ref (*)The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations.any
tactic_refs (*)An ordered list of x-mitre-tactic STIX IDs corresponding to the tactics of the matrix. The order determines the appearance within the matrix.XMitreTacticRefs
+

(*) Required.

+

XMitreTacticRefs

+

An ordered list of x-mitre-tactic STIX IDs corresponding to the tactics of the matrix. The order determines the appearance within the matrix.

+

Array of any items.

\ No newline at end of file diff --git a/docs/sdo/mitigation.schema/index.html b/docs/sdo/mitigation.schema/index.html index cd8c6f7..6315385 100644 --- a/docs/sdo/mitigation.schema/index.html +++ b/docs/sdo/mitigation.schema/index.html @@ -3,11 +3,15 @@ -Mitigation Schema | MITRE ATT&CK Data Model - +Mitigation Schema | MITRE ATT&CK Data Model + - +

Mitigation Schema

+

Mitigation

+

Object containing the following properties:

+
PropertyDescriptionType
id (*)any
type (*)'course-of-action'
spec_version (*)The version of the STIX specification used to represent this object.'2.0' | '2.1'
created (*)The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond.any
modified (*)The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest millisecond.any
created_by_ref (*)The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous.any
labelsThe labels property specifies a set of terms used to describe this object.Array<string>
revokedThe revoked property indicates whether the object has been revoked.boolean
confidencenumber (int, ≥1, ≤99)
langIdentifies the language of the text content in this object.string
external_references (*)A list of external references which refers to non-STIX information.Array of at least 1 objects:
  • source_name: string
  • description: string
  • url: string (url)
  • external_id: string
object_marking_refs (*)The list of marking-definition objects to be applied to this object.Array<any>
granular_markingsThe set of granular markings that apply to this object.Array of objects:
  • marking_ref: any - Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.
  • selectors: Array<string>
extensionsSpecifies any extensions of the object, as a dictionary.Object with dynamic keys of type string and values of type Object with properties:
  • extension_type: string
  • extension_properties: Object with dynamic keys of type string and values of type unknown (optional & nullable)
or Object with dynamic keys of type string and values of type unknown (optional & nullable)
name (*)The name of the object.string (min length: 1)
x_mitre_attack_spec_version (*)The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions.string
x_mitre_version (*)Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. This property does not apply to relationship objects.any
x_mitre_old_attack_idOld ATT&CK IDs that may have been associated with this objectstring
x_mitre_deprecatedIndicates whether the object has been deprecated.boolean
description (*)A description that provides more details and context about the Mitigation.string
x_mitre_domains (*)The technology domains to which the ATT&CK object belongs.Array<'enterprise-attack' | 'mobile-attack' | 'ics-attack'> (min: 1)
x_mitre_modified_by_ref (*)The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations.any
+

(*) Required.

\ No newline at end of file diff --git a/docs/sdo/software.schema/index.html b/docs/sdo/software.schema/index.html index 6302960..7dd29a5 100644 --- a/docs/sdo/software.schema/index.html +++ b/docs/sdo/software.schema/index.html @@ -3,11 +3,15 @@ -Software Schema | MITRE ATT&CK Data Model - +Software Schema | MITRE ATT&CK Data Model + - +

Software Schema

+

Software

+

Object containing the following properties:

+
PropertyDescriptionType
id (*)The id property universally and uniquely identifies this object.any
type (*)'malware' | 'tool'
spec_version (*)The version of the STIX specification used to represent this object.'2.0' | '2.1'
created (*)The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond.any
modified (*)The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest millisecond.any
created_by_ref (*)The ID of the Source object that describes who created this object.any
labelsThe labels property specifies a set of terms used to describe this object.Array<string>
revokedThe revoked property indicates whether the object has been revoked.boolean
confidencenumber (int, ≥1, ≤99)
langIdentifies the language of the text content in this object.string
external_references (*)A list of external references which refers to non-STIX information.Array of at least 1 objects:
  • source_name: string
  • description: string
  • url: string (url)
  • external_id: string
object_marking_refs (*)The list of marking-definition objects to be applied to this object.Array<any>
granular_markingsThe set of granular markings that apply to this object.Array of objects:
  • marking_ref: any - Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.
  • selectors: Array<string>
extensionsSpecifies any extensions of the object, as a dictionary.Object with dynamic keys of type string and values of type Object with properties:
  • extension_type: string
  • extension_properties: Object with dynamic keys of type string and values of type unknown (optional & nullable)
or Object with dynamic keys of type string and values of type unknown (optional & nullable)
name (*)The name of the object.string (min length: 1)
x_mitre_attack_spec_version (*)The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions.string
x_mitre_version (*)Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. This property does not apply to relationship objects.any
x_mitre_old_attack_idOld ATT&CK IDs that may have been associated with this objectstring
x_mitre_deprecatedIndicates whether the object has been deprecated.boolean
description (*)A description of the object.string
x_mitre_platformsList of platforms that apply to the object.Array<'Field Controller/RTU/PLC/IED' | 'Network' | 'Data Historian' | 'Google Workspace' | 'Office 365' | 'Containers' | 'Azure AD' | 'Engineering Workstation' | 'Control Server' | 'Human-Machine Interface' | 'Windows' | 'Linux' | 'IaaS' | 'None' | 'iOS' | 'PRE' | 'SaaS' | 'Input/Output Server' | 'macOS' | 'Android' | ...> (min: 1)
x_mitre_contributorsArray<string>
x_mitre_aliasesAlternative names used to identify this software. The first alias must match the object's name.Array<string>
x_mitre_modified_by_ref (*)The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations.any
x_mitre_domains (*)The technology domains to which the ATT&CK object belongs.Array<'enterprise-attack' | 'mobile-attack' | 'ics-attack'> (min: 1)
aliasesAlternative names used to identify this software.Array<string>
+

(*) Required.

\ No newline at end of file diff --git a/docs/sdo/tactic.schema/index.html b/docs/sdo/tactic.schema/index.html index 0858dfb..6a3da6a 100644 --- a/docs/sdo/tactic.schema/index.html +++ b/docs/sdo/tactic.schema/index.html @@ -3,11 +3,60 @@ -Tactic Schema | MITRE ATT&CK Data Model - +Tactic Schema | MITRE ATT&CK Data Model + - +

Tactic Schema

+

Tactic

+

Object containing the following properties:

+
PropertyDescriptionType
id (*)any
type (*)'x-mitre-tactic'
spec_version (*)The version of the STIX specification used to represent this object.'2.0' | '2.1'
created (*)The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond.any
modified (*)The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest millisecond.any
created_by_ref (*)The created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous.any
labelsThe labels property specifies a set of terms used to describe this object.Array<string>
revokedThe revoked property indicates whether the object has been revoked.boolean
confidencenumber (int, ≥1, ≤99)
langIdentifies the language of the text content in this object.string
external_references (*)A list of external references which refers to non-STIX information.Array of at least 1 objects:
  • source_name: string
  • description: string
  • url: string (url)
  • external_id: string
object_marking_refs (*)The list of marking-definition objects to be applied to this object.Array<any>
granular_markingsThe set of granular markings that apply to this object.Array of objects:
  • marking_ref: any - Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.
  • selectors: Array<string>
extensionsSpecifies any extensions of the object, as a dictionary.Object with dynamic keys of type string and values of type Object with properties:
  • extension_type: string
  • extension_properties: Object with dynamic keys of type string and values of type unknown (optional & nullable)
or Object with dynamic keys of type string and values of type unknown (optional & nullable)
name (*)The name of the object.string (min length: 1)
x_mitre_attack_spec_version (*)The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions.string
x_mitre_version (*)Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. This property does not apply to relationship objects.any
x_mitre_old_attack_idOld ATT&CK IDs that may have been associated with this objectstring
x_mitre_deprecatedIndicates whether the object has been deprecated.boolean
description (*)A description of the object.string
x_mitre_domains (*)The technology domains to which the ATT&CK object belongs.Array<'enterprise-attack' | 'mobile-attack' | 'ics-attack'> (min: 1)
x_mitre_shortname (*)The x_mitre_shortname of the tactic is used for mapping techniques into the tactic. It corresponds to kill_chain_phases.phase_name of the techniques in the tactic.XMitreShortName
x_mitre_modified_by_ref (*)The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations.any
+

(*) Required.

+

XMitreShortName

+

The x_mitre_shortname of the tactic is used for mapping techniques into the tactic. It corresponds to kill_chain_phases.phase_name of the techniques in the tactic.

+

Enum string, one of the following possible values:

+
Expand for full list of 40 values
    +
  • 'credential-access'
  • +
  • 'execution'
  • +
  • 'impact'
  • +
  • 'persistence'
  • +
  • 'privilege-escalation'
  • +
  • 'lateral-movement'
  • +
  • 'defense-evasion'
  • +
  • 'exfiltration'
  • +
  • 'discovery'
  • +
  • 'collection'
  • +
  • 'resource-development'
  • +
  • 'reconnaissance'
  • +
  • 'command-and-control'
  • +
  • 'initial-access'
  • +
  • 'inhibit-response-function'
  • +
  • 'privilege-escalation'
  • +
  • 'lateral-movement'
  • +
  • 'discovery'
  • +
  • 'initial-access'
  • +
  • 'impact'
  • +
  • 'persistence'
  • +
  • 'execution'
  • +
  • 'command-and-control'
  • +
  • 'collection'
  • +
  • 'evasion'
  • +
  • 'impair-process-control'
  • +
  • 'initial-access'
  • +
  • 'exfiltration'
  • +
  • 'persistence'
  • +
  • 'privilege-escalation'
  • +
  • 'command-and-control'
  • +
  • 'execution'
  • +
  • 'impact'
  • +
  • 'credential-access'
  • +
  • 'collection'
  • +
  • 'lateral-movement'
  • +
  • 'defense-evasion'
  • +
  • 'network-effects'
  • +
  • 'discovery'
  • +
  • 'remote-service-effects'
  • +
\ No newline at end of file diff --git a/docs/sdo/technique.schema/index.html b/docs/sdo/technique.schema/index.html index 399fff1..0689324 100644 --- a/docs/sdo/technique.schema/index.html +++ b/docs/sdo/technique.schema/index.html @@ -3,11 +3,45 @@ -Technique Schema | MITRE ATT&CK Data Model - +Technique Schema | MITRE ATT&CK Data Model + - +

Technique Schema

+

Technique

+

Object containing the following properties:

+
PropertyDescriptionType
id (*)any
type (*)'attack-pattern'
spec_version (*)The version of the STIX specification used to represent this object.'2.0' | '2.1'
created (*)The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond.any
modified (*)The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest millisecond.any
created_by_refThe created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous.any
labelsThe labels property specifies a set of terms used to describe this object.Array<string>
revokedThe revoked property indicates whether the object has been revoked.boolean
confidencenumber (int, ≥1, ≤99)
langIdentifies the language of the text content in this object.string
external_references (*)A list of external references which refers to non-STIX information.Array of at least 1 objects:
  • source_name: string
  • description: string
  • url: string (url)
  • external_id: string
object_marking_refsThe list of marking-definition objects to be applied to this object.Array<any>
granular_markingsThe set of granular markings that apply to this object.Array of objects:
  • marking_ref: any - Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.
  • selectors: Array<string>
extensionsSpecifies any extensions of the object, as a dictionary.Object with dynamic keys of type string and values of type Object with properties:
  • extension_type: string
  • extension_properties: Object with dynamic keys of type string and values of type unknown (optional & nullable)
or Object with dynamic keys of type string and values of type unknown (optional & nullable)
name (*)The name of the object.string (min length: 1)
x_mitre_attack_spec_version (*)The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions.string
x_mitre_version (*)Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. This property does not apply to relationship objects.any
x_mitre_old_attack_idOld ATT&CK IDs that may have been associated with this objectstring
x_mitre_deprecatedIndicates whether the object has been deprecated.boolean
kill_chain_phasesArray of objects:
  • phase_name: string
  • kill_chain_name: 'mitre-attack' | 'mitre-mobile-attack' | 'mitre-ics-attack'
descriptionA description of the object.string
x_mitre_platformsList of platforms that apply to the object.Array<'Field Controller/RTU/PLC/IED' | 'Network' | 'Data Historian' | 'Google Workspace' | 'Office 365' | 'Containers' | 'Azure AD' | 'Engineering Workstation' | 'Control Server' | 'Human-Machine Interface' | 'Windows' | 'Linux' | 'IaaS' | 'None' | 'iOS' | 'PRE' | 'SaaS' | 'Input/Output Server' | 'macOS' | 'Android' | ...> (min: 1)
x_mitre_detectionStrategies for identifying if a technique has been used by an adversary.XMitreDetection
x_mitre_is_subtechnique (*)If true, this attack-pattern is a sub-technique.XMitreIsSubtechnique
x_mitre_data_sourcesSources of information that may be used to identify the action or result of the action being performed.XMitreDataSources
x_mitre_defense_bypassedList of defensive tools, methodologies, or processes the technique can bypass.XMitreDefenseBypasses
x_mitre_contributorsPeople and organizations who have contributed to the object. Not found on relationship objects.Array<string>
x_mitre_permissions_requiredThe lowest level of permissions the adversary is required to be operating within to perform the technique on a system.XMitrePermissionsRequired
x_mitre_remote_supportIf true, the technique can be used to execute something on a remote system.XMitreRemoteSupport
x_mitre_system_requirementsAdditional information on requirements the adversary needs to meet or about the state of the system (software, patch level, etc.) that may be required for the technique to work.XMitreSystemRequirements
x_mitre_impact_typeDenotes if the technique can be used for integrity or availability attacks.Array<'Availability' | 'Integrity'>
x_mitre_effective_permissionsThe level of permissions the adversary will attain by performing the technique.XMitreEffectivePermissions
x_mitre_network_requirementsboolean
x_mitre_tactic_type"Post-Adversary Device Access", "Pre-Adversary Device Access", or "Without Adversary Device Access".XMitreTacticType
x_mitre_domains (*)The technology domains to which the ATT&CK object belongs.Array<'enterprise-attack' | 'mobile-attack' | 'ics-attack'> (min: 1)
x_mitre_modified_by_refThe STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations.any
+

(*) Required.

+

XMitreDataSource

+

A single data source in the format 'Data Source Name: Data Component Name'.

+

Any type.

+

XMitreDataSources

+

Sources of information that may be used to identify the action or result of the action being performed.

+

Array of XMitreDataSource items.

+

XMitreDefenseBypasses

+

List of defensive tools, methodologies, or processes the technique can bypass.

+

Array of at least 1 'Signature-based detection' | 'Multi-Factor Authentication' | 'Network Intrusion Detection System' | 'Application Control' | 'Host forensic analysis' | 'Exploit Prevention' | 'Signature-based Detection' | 'Data Execution Prevention' | 'Heuristic Detection' | 'File system access controls' | 'File Monitoring' | 'Digital Certificate Validation' | 'Logon Credentials' | 'Firewall' | 'Host Forensic Analysis' | 'Static File Analysis' | 'Heuristic detection' | 'Notarization' | 'System access controls' | 'Binary Analysis' | ... items.

+

XMitreDetection

+

Strategies for identifying if a technique has been used by an adversary.

+

String.

+

XMitreEffectivePermissions

+

The level of permissions the adversary will attain by performing the technique.

+

Array of at least 1 'Administrator' | 'SYSTEM' | 'User' | 'root' items.

+

XMitreIsSubtechnique

+

If true, this attack-pattern is a sub-technique.

+

Boolean.

+

XMitrePermissionsRequired

+

The lowest level of permissions the adversary is required to be operating within to perform the technique on a system.

+

Array of at least 1 'Remote Desktop Users' | 'SYSTEM' | 'Administrator' | 'root' | 'User' items.

+

XMitreRemoteSupport

+

If true, the technique can be used to execute something on a remote system.

+

Boolean.

+

XMitreSystemRequirements

+

Additional information on requirements the adversary needs to meet or about the state of the system (software, patch level, etc.) that may be required for the technique to work.

+

Array of string items.

+

XMitreTacticType

+

"Post-Adversary Device Access", "Pre-Adversary Device Access", or "Without Adversary Device Access".

+

Array of 'Post-Adversary Device Access' | 'Pre-Adversary Device Access' | 'Without Adversary Device Access' items.

\ No newline at end of file diff --git a/docs/sdo/tool.schema/index.html b/docs/sdo/tool.schema/index.html index 9cfd526..83cd812 100644 --- a/docs/sdo/tool.schema/index.html +++ b/docs/sdo/tool.schema/index.html @@ -3,11 +3,15 @@ -Tool Schema | MITRE ATT&CK Data Model - +Tool Schema | MITRE ATT&CK Data Model + - +

Tool Schema

+

Tool

+

Object containing the following properties:

+
PropertyDescriptionType
id (*)any
type (*)'tool'
spec_version (*)The version of the STIX specification used to represent this object.'2.0' | '2.1'
created (*)The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond.any
modified (*)The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest millisecond.any
created_by_ref (*)The ID of the Source object that describes who created this object.any
labelsThe labels property specifies a set of terms used to describe this object.Array<string>
revokedThe revoked property indicates whether the object has been revoked.boolean
confidencenumber (int, ≥1, ≤99)
langIdentifies the language of the text content in this object.string
external_references (*)A list of external references which refers to non-STIX information.Array of at least 1 objects:
  • source_name: string
  • description: string
  • url: string (url)
  • external_id: string
object_marking_refs (*)The list of marking-definition objects to be applied to this object.Array<any>
granular_markingsThe set of granular markings that apply to this object.Array of objects:
  • marking_ref: any - Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.
  • selectors: Array<string>
extensionsSpecifies any extensions of the object, as a dictionary.Object with dynamic keys of type string and values of type Object with properties:
  • extension_type: string
  • extension_properties: Object with dynamic keys of type string and values of type unknown (optional & nullable)
or Object with dynamic keys of type string and values of type unknown (optional & nullable)
name (*)The name of the object.string (min length: 1)
x_mitre_attack_spec_version (*)The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions.string
x_mitre_version (*)Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. This property does not apply to relationship objects.any
x_mitre_old_attack_idOld ATT&CK IDs that may have been associated with this objectstring
x_mitre_deprecatedIndicates whether the object has been deprecated.boolean
description (*)A description of the object.string
x_mitre_platformsList of platforms that apply to the object.Array<'Field Controller/RTU/PLC/IED' | 'Network' | 'Data Historian' | 'Google Workspace' | 'Office 365' | 'Containers' | 'Azure AD' | 'Engineering Workstation' | 'Control Server' | 'Human-Machine Interface' | 'Windows' | 'Linux' | 'IaaS' | 'None' | 'iOS' | 'PRE' | 'SaaS' | 'Input/Output Server' | 'macOS' | 'Android' | ...> (min: 1)
x_mitre_contributorsArray<string>
x_mitre_aliasesAlternative names used to identify this software. The first alias must match the object's name.Array<string>
x_mitre_modified_by_ref (*)The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations.any
x_mitre_domains (*)The technology domains to which the ATT&CK object belongs.Array<'enterprise-attack' | 'mobile-attack' | 'ics-attack'> (min: 1)
aliasesAlternative names used to identify this software.Array<string>
tool_typesThe kind(s) of tool(s) being described.Array<'denial-of-service' | 'exploitation' | 'information-gathering' | 'network-capture' | 'credential-exploitation' | 'remote-access' | 'vulnerability-scanning' | 'unknown'>
kill_chain_phasesThe list of kill chain phases for which this Tool can be used.Array of objects:
  • phase_name: string
  • kill_chain_name: 'mitre-attack' | 'mitre-mobile-attack' | 'mitre-ics-attack'
tool_versionThe version identifier associated with the Toolstring
+

(*) Required.

\ No newline at end of file diff --git a/docs/smo/marking-definition.schema/index.html b/docs/smo/marking-definition.schema/index.html index 346a568..79837bd 100644 --- a/docs/smo/marking-definition.schema/index.html +++ b/docs/smo/marking-definition.schema/index.html @@ -3,11 +3,51 @@ -Marking definition Schema | MITRE ATT&CK Data Model - +Marking definition Schema | MITRE ATT&CK Data Model + - +

Marking definition Schema

+

BaseMarkingDefinition

+

Object containing the following properties:

+
PropertyType
type (*)'marking-definition'
spec_version (*)'2.1'
id (*)string (uuid)
created (*)string (ISO 8601)
definition_type (*)'tlp'
name (*)string
definition (*)TlpMarkingObject
+

(*) Required.

+

MarkingDefinition

+

Object containing the following properties:

+
PropertyDescriptionType
id (*)any
type (*)'marking-definition'
nameThe name of the object.string (min length: 1)
spec_version (*)The version of the STIX specification used to represent this object.'2.0' | '2.1'
created (*)The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond.any
created_by_ref (*)The ID of the Source object that describes who created this object.any
definition_type (*)The definition_type property identifies the type of Marking Definition.'statement' | 'tlp'
definition (*)The definition property contains the marking object itself (e.g., the TLP marking as defined in section 7.2.1.4, the Statement marking as defined in section 7.2.1.3). Any new marking definitions SHOULD be specified using the extension facility described in section 7.3. If the extensions property is not present, this property MUST be present.TlpMarkingObject or StatementMarkingObject
x_mitre_domains (*)The technology domains to which the ATT&CK object belongs.Array<'enterprise-attack' | 'mobile-attack' | 'ics-attack'> (min: 1)
x_mitre_attack_spec_version (*)The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions.string
+

(*) Required.

+

StatementMarkingObject

+

Object containing the following properties:

+
PropertyDescriptionType
statement (*)A Statement (e.g., copyright, terms of use) applied to the content marked by this marking definition.string
+

(*) Required.

+

TlpAmber

+

Object containing the following properties:

+
PropertyType
type (*)'marking-definition'
spec_version (*)'2.1'
id (*)'marking-definition--f88d31f6-486f-44da-b317-01333bde0b82'
created (*)string (ISO 8601)
definition_type (*)'tlp'
name (*)'TLP:AMBER'
definition (*)Object with properties:
  • tlp: 'amber'
+

(*) Required.

+

TlpGreen

+

Object containing the following properties:

+
PropertyType
type (*)'marking-definition'
spec_version (*)'2.1'
id (*)'marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da'
created (*)string (ISO 8601)
definition_type (*)'tlp'
name (*)'TLP:GREEN'
definition (*)Object with properties:
  • tlp: 'green'
+

(*) Required.

+

TlpMarkingDefinition

+

Union of the following possible types:

+ +

TlpMarkingObject

+

Object containing the following properties:

+
PropertyDescriptionType
tlp (*)The TLP level [TLP] of the content marked by this marking definition, as defined in this section.string
+

(*) Required.

+

TlpRed

+

Object containing the following properties:

+
PropertyType
type (*)'marking-definition'
spec_version (*)'2.1'
id (*)'marking-definition--5e57c739-391a-4eb3-b6be-7d15ca92d5ed'
created (*)string (ISO 8601)
definition_type (*)'tlp'
name (*)'TLP:RED'
definition (*)Object with properties:
  • tlp: 'red'
+

(*) Required.

+

TlpWhite

+

Object containing the following properties:

+
PropertyType
type (*)'marking-definition'
spec_version (*)'2.1'
id (*)'marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9'
created (*)string (ISO 8601)
definition_type (*)'tlp'
name (*)'TLP:WHITE'
definition (*)Object with properties:
  • tlp: 'white'
+

(*) Required.

\ No newline at end of file
diff --git a/docs/sro/relationship.schema/index.html b/docs/sro/relationship.schema/index.html
index b4a4a45..d505f77 100644
--- a/docs/sro/relationship.schema/index.html
+++ b/docs/sro/relationship.schema/index.html
@@ -3,11 +3,27 @@ -Relationship Schema | MITRE ATT&CK Data Model - +Relationship Schema | MITRE ATT&CK Data Model + - +

Relationship Schema

+

Relationship

+

Object containing the following properties:

+
PropertyDescriptionType
id (*)any
type (*)'relationship'
spec_version (*)The version of the STIX specification used to represent this object.'2.0' | '2.1'
created (*)The created property represents the time at which the first version of this object was created. The timstamp value MUST be precise to the nearest millisecond.any
modified (*)The modified property represents the time that this particular version of the object was modified. The timstamp value MUST be precise to the nearest millisecond.any
created_by_refThe created_by_ref property specifies the id property of the identity object that describes the entity that created this object. If this attribute is omitted, the source of this information is undefined. This may be used by object creators who wish to remain anonymous.any
labelsThe labels property specifies a set of terms used to describe this object.Array<string>
revokedThe revoked property indicates whether the object has been revoked.boolean
confidencenumber (int, ≥1, ≤99)
langIdentifies the language of the text content in this object.string
external_referencesA list of external references which refers to non-STIX information.Array of at least 1 objects:
  • source_name: string
  • description: string
  • url: string (url)
  • external_id: string
object_marking_refs (*)The list of marking-definition objects to be applied to this object.Array<any>
granular_markingsThe set of granular markings that apply to this object.Array of objects:
  • marking_ref: any - Represents identifiers across the CTI specifications. The format consists of the name of the top-level object being identified, followed by two dashes (--), followed by a UUIDv4.
  • selectors: Array<string>
extensionsSpecifies any extensions of the object, as a dictionary.Object with dynamic keys of type string and values of type Object with properties:
  • extension_type: string
  • extension_properties: Object with dynamic keys of type string and values of type unknown (optional & nullable)
or Object with dynamic keys of type string and values of type unknown (optional & nullable)
relationship_type (*)The name used to identify the type of Relationship.RelationshipType
descriptionA description of the object.string
source_ref (*)The ID of the source (from) object.any
target_ref (*)The ID of the target (to) object.any
x_mitre_modified_by_ref (*)The STIX ID of the MITRE identity object. Used to track the identity of the MITRE organization, which created the current version of the object. Previous versions of the object may have been created by other individuals or organizations.any
x_mitre_attack_spec_version (*)The version of the ATT&CK spec used by the object. This field helps consuming software determine if the data format is supported. If the field is not present on an object, the spec version will be assumed to be 2.0.0. Refer to the ATT&CK CHANGELOG for all supported versions.string
x_mitre_domains (*)The technology domains to which the ATT&CK object belongs.Array<'enterprise-attack' | 'mobile-attack' | 'ics-attack'> (min: 1)
x_mitre_version (*)Represents the version of the object in a 'major.minor' format, where both 'major' and 'minor' are integers between 0 and 99. This versioning follows semantic versioning principles but excludes the patch number. The version number is incremented by ATT&CK when the content of the object is updated. This property does not apply to relationship objects.any
x_mitre_deprecatedIndicates whether the object has been deprecated.boolean
+

(*) Required.

+

RelationshipType

+

The name used to identify the type of Relationship.

+

Enum string, one of the following possible values:

+
    +
  • 'uses'
  • +
  • 'mitigates'
  • +
  • 'subtechnique-of'
  • +
  • 'detects'
  • +
  • 'attributed-to'
  • +
  • 'targets'
  • +
  • 'revoked-by'
  • +
\ No newline at end of file
diff --git a/index.html b/index.html
index 83cb134..d28675c 100644
--- a/index.html
+++ b/index.html
@@ -4,7 +4,7 @@ MITRE ATT&CK Data Model | MITRE ATT&CK Data Model - +